[nag] Nag H3 (2.0.4) (final)

chuck@horde.org
Sun Dec 11 11:40:37 PST 2005


The Horde Team is pleased to announce the final release of the Nag Task List
Manager version H3 (2.0.4).

This is a security release that fixes cross site scripting
vulnerabilities in several of the tasklist name and task data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Nag 2.0.3 upgrade to 2.0.4 as soon as possible.

Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.

Nag is a web-based application built upon the Horde Application Framework which
provides a simple, clean interface for managing online task lists (i.e., TODO
lists).  It also includes strong integration with the other Horde applications
and offers shared task lists.

The major changes compared to the Nag H3 (2.0.3) version are:
    * Close several XSS vulnerabilities with task and tasklist data.

The full list of changes (from version H3 (2.0.3)) can be viewed here:

http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.115.2.20&r2=1.115.2.21.2.2&ty=h

The Nag H3 (2.0.4) distribution is available from the following locations:

    ftp://ftp.horde.org/pub/nag/nag-h3-2.0.4.tar.gz
    http://ftp.horde.org/pub/nag/nag-h3-2.0.4.tar.gz

Patches against version H3 (2.0.3) are available at:

    ftp://ftp.horde.org/pub/nag/patches/patch-nag-h3-2.0.3-h3-2.0.4.gz
    http://ftp.horde.org/pub/nag/patches/patch-nag-h3-2.0.3-h3-2.0.4.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    bc405088672f0118c2e27f35dfff1a67  nag-h3-2.0.4.tar.gz
    54f5e6a717031fed6c97f645f68595e3  patch-nag-h3-2.0.3-h3-2.0.4.gz

Have fun!

The Horde Team.

