[pkg-horde] [announce] Horde 3.1.6 (final)

Jan Schneider jan at horde.org
Wed Jan 9 22:31:37 UTC 2008


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.1.6.

This is a bugfix release that also improves XSS (cross site scripting)
filters, used for example in HTML message viewers, and fixes privilege
escalations in the Horde API. All users are encouraged to upgrade to this
version.

Many thanks to Secunia for reporting an XSS vulnerability (CVE-2007-6018) and
working with us to test the fixes.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of libraries that are
targeted at the common problems and tasks involved in developing modern web
applications.

Major changes compared to Horde 3.1.5 are:
    * Fixed privilege escalation in the Horde API.
    * Improved XSS filtering.
    * Fixed locked portal blocks.
    * Further improved webroot detection.
    * Updated Japanese translation.

The full list of changes (from version 3.1.5) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.306&r2=1.515.2.312.2.2&ty=h

The Horde 3.1.6 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde/horde-3.1.6.tar.gz
    http://ftp.horde.org/pub/horde/horde-3.1.6.tar.gz

Patches against version 3.1.5 are available at:

    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.1.5-3.1.6.gz
    http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.5-3.1.6.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    9aebe8ef36bfc16a64513f49750fc2a0  horde-3.1.6.tar.gz
    27dcb33fe79ea8a6be278637989ee568  patch-horde-3.1.5-3.1.6.gz

Have fun!

The Horde Team.

-- 
Horde announcements mailing list
You are subscribed to this list as: pkg-horde-hackers at lists.alioth.debian.org
To unsubscribe, mail: announce-unsubscribe at lists.horde.org



More information about the pkg-horde-hackers mailing list