[horde] Horde Groupware 1.0.7 (final)

Jan Schneider jan at horde.org
Wed Sep 10 11:28:12 UTC 2008


The Horde Team is pleased to announce the final release of the Horde Groupware
version 1.0.7.

This is a security release that further improves the XSS filter for HTML
messages (CVE-2008-3824). All users are encouraged to upgrade to this version.

Many thanks to Alexios Fakos for detecting this vulnerability, and oCERT for
notifying us.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes  
with the
standards compliant components from the Horde Project.

Major changes compared to Horde Groupware 1.0.6 are:
     * Further improved the XSS filter for HTML.

The full list of changes (from version 1.0.6) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17.2.4&r2=1.17.2.6&ty=h

The Horde Groupware 1.0.7 distribution is available from the following  
locations:

     ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.0.7.tar.gz
     http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.0.7.tar.gz

Patches against version 1.0.6 are available at:

      
ftp://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.0.6-1.0.7.gz
      
http://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.0.6-1.0.7.gz

NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:

     http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

     7d6ceefd3a2713986647e3ca3e3bb42e  horde-groupware-1.0.7.tar.gz
     616397266e20a35cb53847780f838312  patch-horde-groupware-1.0.6-1.0.7.gz

Have fun!

The Horde Team.


More information about the horde mailing list