[imp] IMP H3 (4.0.5) (final)

Jan Schneider jan at horde.org
Thu Aug 17 06:47:10 PDT 2006


The Horde Team is pleased to announce the final release of the IMP Webmail
Client version H3 (4.0.5).

This is a security release that fixes a cross site scripting vulnerability
with not properly escaped folder names.

Many thanks to Marc Ruef for reporting this problem.

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available.  It allows universal, web-based access to IMAP and
POP3 mail servers and provides a full range of features normally found only in
desktop email clients.

Major changes compared to the IMP version H3 (4.0.4) are:
    * Fixed escaping of folder names.
    * Fixed French translation.

The full list of changes (from version H3 (4.0.4)) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.115&r2=1.699.2.116.2.2&ty=h

The IMP H3 (4.0.5) distribution is available from the following locations:

    ftp://ftp.horde.org/pub/imp/imp-h3-4.0.5.tar.gz
    http://ftp.horde.org/pub/imp/imp-h3-4.0.5.tar.gz

Patches against version H3 (4.0.4) are available at:

    ftp://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.0.4-h3-4.0.5.gz
    http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.0.4-h3-4.0.5.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    MD5 (imp-h3-4.0.5.tar.gz) = 1273c0f24a234850ca4a6b6153316fec
    MD5 (patch-imp-h3-4.0.4-h3-4.0.5.gz) = fe9b5012785dce6e20c75be11985f74e

Have fun!

The Horde Team.


More information about the imp mailing list