[horde] another security issue discovered in Horde ref. CVE-2022-30287
Louis-Philippe Allard
lp.allard.1 at gmail.com
Wed Jun 1 17:00:32 UTC 2022
Quoting Cristian-Petru Pencov <cristian.pencov at artmatch.ro>:
> Hi folks,
> it seems that Horde is under 'fire' regarding the security flaws
> And this one is really nasty!
>
> "New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by
> Sending Email"
> https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html
>
> and from researcher's blog
> https://blog.sonarsource.com/horde-webmail-rce-via-email/
>
> I hope that the dev team will find the quickest solution to block
> this attacks.
>
> but:
> As a beneficiary of this Open Source application, these findings
> make me wonder whether to continue using it or not!
>
> and the question that comes naturally would be:
> Is there still goodwill from developers or the community to provide
> us a secure application and fix these vulnerabilities in a very
> short time?
>
> Thank you all for your precious time to make things better than yesterday!
>
> --
>
> Best regards,
> Cristian-Petru Pencov
> IT specialist
>
> ARTMATCH SRL
> Calea Sagului (DN 59), KM 8+550 m
> Platforma Incontro, Hala 4-7
> 307221 Chisoda, Timis, Romania
> mobile: +4 0721-202989 | fax: +4 0256-305015
> e-mail: cristian.pencov at artmatch.ro | internet: www.artmatch.ro[1]
>
> Please consider the environment before printing this email.
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/To unsubscribe,
> mail: horde-unsubscribe at lists.horde.org
In the last few years I noticed the mail list are very quiet. Makes
me wonder if Horde is still maintained to begin with? Genuine
question because I remember back in 2010-2011 the mail list was very
active (just look at the archives) and Horde was evolving rapidly.
I understand your question about continuing to use it or not. I have
the same question but finding a closely ressembling alternative wont
be easy...
Links:
------
[1] http://www.artmatch.ro
Louis-Philippe Allard
lp.allard.1 at gmail.com
Sent using Horde Groupware on GNU/Linux
More information about the horde
mailing list