[horde] General Status Update on H6 and notorious htmlspecialchars error

Ralf Lang ralf.lang at ralf-lang.de
Fri May 9 14:45:42 UTC 2025 

Hello,

before we get to the actual meat:

I have caught a bunch of cases where the notorious htmlspecialchars() 
could happen. Please update to 
https://github.com/horde/View/releases/tag/v3.0.0alpha6 to test.

*Achievements of the past two weeks:*

- The horde/components release tool now can read conventional commits 
https://www.conventionalcommits.org/en/v1.0.0/ and turn them into 
changelog and version info.
- I have modernized the developer container setup to run php 8.4, 
mariadb, ldap and generally provide a more useful developer experience. 
A developer horde can environment can now be set up in less than 5 
minutes though it's still somewhat lacking. Notably, no dovecot email 
components (imp webmail, ingo mail filter).
- The horde ldap driver seems to be compatible with php 8.4 now. At 
least the way I tested it which does not mean much.
- Several apps and libraries now run without spamming the logs with 
deprecation warnings just for being installed. Among them are whups 
(tickets), nag (tasks), mnemo (notes), turba (contacts) and kronolith 
(calendar). Testing is very superficial and there is still a lot to do.
- Some places in the horde base app have been made more resilient 
against missing sections of configuration. You now have a better chance 
of actually using the admin UI when configuring horde.
- New library horde/phpconfigfile for programmatically editing what it 
says on the tin. This is a building block towards making initial setup 
more pleasant.
- Some updates in the wiki

This is a team effort. Nobody can drive such a project alone. There's so 
much left to do.

*Contribution
*

If you want to contribute bug fixes, please open PRs and specifically 
highlight Torben (@tdannhauer) and me (@ralflang). We will probably be 
back to having a stream of activities and PRs across all repos by next 
week but for now that extra notification can help speed up things.

If you want to report issues, please use the mailing list for now. Some 
components have the "issues" feature enabled on github. We also watch 
the known issues wiki page.

*git branch or alpha versions?*

With the tool chain improving, we tend to release new tagged versions as 
soon as a block of work is finished. Thus there is less and less 
incentive to run directly off the development branches.

*The currently recommended settings are:
*
composer config minimum-stability dev
composer config prefer-stable true

You might need to run with an additional switch -W
   -W, --with-all-dependencies                          Update also 
dependencies of packages in the argument list, including those which are 
root requirement

composer update -W

More information about the horde mailing list