[pkg-horde] [announce] Horde 3.3.3 (final)

Chuck Hagenbuch chuck at horde.org
Tue Jan 27 15:09:41 UTC 2009


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.3.

This is a minor security release that fixes unescaped output in the tag cloud
search script, and validates the Horde_Image driver name to prevent a possible
local file inclusion vulnerability. All users are encouraged to upgrade to this
release. Thanks to Gunnar Wrobel for finding these issues in a code audit.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

The major changes compared to Horde version 3.3.2 are:
     * SECURITY: Fix unescaped output in the tag cloud block
     * SECURITY: Fix unvalidated Horde_Image driver name
     * Restore backwards compatibility with older Kronolith and Whups
       releases
     * Fix problems with SQL Shares and PostgreSQL
     * Support Mozilla Sunbird snooze properties

The full list of changes (from version 3.3.2) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.492&r2=1.515.2.503&ty=h

The Horde 3.3.3 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/horde/horde-3.3.3.tar.gz
     http://ftp.horde.org/pub/horde/horde-3.3.3.tar.gz

Patches against version 3.3.2 are available at:

     ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.3.2-3.3.3.gz
     http://ftp.horde.org/pub/horde/patches/patch-horde-3.3.2-3.3.3.gz

NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:

     http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

     d1d70771992bb3413d84d0dad67bb794  horde-3.3.3.tar.gz
     035239888e8a318e9a0ec654f126c0d8  patch-horde-3.3.2-3.3.3.gz

Have fun!

The Horde Team.

--
Horde announcements mailing list
You are subscribed to this list as: pkg-horde-hackers at lists.alioth.debian.org
To unsubscribe, mail: announce-unsubscribe at lists.horde.org


