Jan Schneider | 10 Dec 17:02 2008

IMP H3 (4.2.1) (final)

The Horde Team is pleased to announce the final release of the IMP Webmail
Client version H3 (4.2.1).

This is a minor security release that fixes unescaped output in the test
script. All users are encouraged to upgrade to this release. In addition all
users are encouraged to disable test.php in production, per the install
documentation.

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available.  It allows universal, web-based access to IMAP and
POP3 mail servers and provides a full range of features normally found only in
desktop email clients.

IMP version H3 (4.2.1) is a minor security release with these fixes:
     * Escape output in test.php

The full list of changes (from version H3 (4.2)) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301&r2=1.699.2.301.2.1&ty=h

The IMP H3 (4.2.1) distribution is available from the following locations:

     ftp://ftp.horde.org/pub/imp/imp-h3-4.2.1.tar.gz
     http://ftp.horde.org/pub/imp/imp-h3-4.2.1.tar.gz

Patches against version H3 (4.2) are available at:

     ftp://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.2-h3-4.2.1.gz
     http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.2-h3-4.2.1.gz

(Continue reading)

Jan Schneider | 10 Dec 17:08 2008

Turba H3 (2.2.2) (final)

The Horde Team is pleased to announce the final release of the Turba Contact
Manager version H3 (2.2.2).

This is a minor security release that fixes unescaped output in the test
script. All users are encouraged to upgrade to this release. In addition all
users are encouraged to disable test.php in production, per the install
documentation.

Turba is the Horde contact management application. It is a production level
address book, and makes heavy use of the Horde framework to provide
integration with IMP and other Horde applications. It supports SQL, LDAP,
Kolab, and IMSP address books.

Turba version H3 (2.2.2) is a minor security release with these fixes:
     * Escape output in test.php

The full list of changes (from version H3 (2.2.1)) can be viewed here:

http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.170&r2=1.181.2.170.2.1&ty=h

The Turba H3 (2.2.2) distribution is available from the following locations:

     ftp://ftp.horde.org/pub/turba/turba-h3-2.2.2.tar.gz
     http://ftp.horde.org/pub/turba/turba-h3-2.2.2.tar.gz

Patches against version H3 (2.2.1) are available at:

     ftp://ftp.horde.org/pub/turba/patches/patch-turba-h3-2.2.1-h3-2.2.2.gz
     http://ftp.horde.org/pub/turba/patches/patch-turba-h3-2.2.1-h3-2.2.2.gz

(Continue reading)

Chuck Hagenbuch | 10 Dec 17:21 2008

Horde 3.2.3 (final)

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.3.

This is a minor security release that adds another check to the XSS filter for
an Internet Explorer exploit. All users are encouraged to upgrade to this
version.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

The major changes compared to the Horde version H3 (3.2.2) are:
     * Added another check to the XSS filter (only IE is vulnerable).

The full list of changes (from version 3.2.2) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.413.2.1&r2=1.515.2.413.2.3&ty=h

The Horde 3.2.3 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/horde/horde-3.2.3.tar.gz
     http://ftp.horde.org/pub/horde/horde-3.2.3.tar.gz

Patches against version 3.2.2 are available at:

     ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.2.2-3.2.3.gz
     http://ftp.horde.org/pub/horde/patches/patch-horde-3.2.2-3.2.3.gz

NOTE: Patches do not contain differences between files containing binary data.
(Continue reading)

Jan Schneider | 10 Dec 17:18 2008

IMP H3 (4.3.1) (final)

The Horde Team is pleased to announce the final release of the Internet
Messaging Program (IMP) version H3 (4.3.1).

This is a minor security release that fixes unescaped output in the test
script. All users are encouraged to upgrade to this release. In addition all
users are encouraged to disable test.php in production, per the install
documentation.

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available.  It allows universal, web-based access to IMAP and
POP3 mail servers and provides a full range of features normally found only in
desktop email clients.

The major changes compared to the IMP version H3 (4.3) are:
     * Escape output in test.php
     * Deleted attachments are now marked as 'attachment' instead of 'inline'.
     * iTip replies are sent using the regular outgoing email configuration.
     * multipart/appledouble attachments are always displayed.
     * prototype.js has been upgraded to v1.6.0.3.

The full list of changes (from version H3 (4.3)) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.355&r2=1.699.2.365&ty=h

The IMP H3 (4.3.1) distribution is available from the following locations:

     ftp://ftp.horde.org/pub/imp/imp-h3-4.3.1.tar.gz
     http://ftp.horde.org/pub/imp/imp-h3-4.3.1.tar.gz

Patches against version H3 (4.3) are available at:
(Continue reading)

Chuck Hagenbuch | 10 Dec 17:39 2008

Horde 3.3.1 (final)

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.1.

This is a minor security release that adds another check to the XSS filter for
an Internet Explorer exploit. All users are encouraged to upgrade to this
version.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

The major changes compared to the Horde version H3 (3.3) are:
     * Added another check to the XSS filter (only IE is vulnerable).
     * An import script for SquirrelMail preferences.
     * Consistent access keys.
     * Fix sharing with LDAP groups.
     * Several SyncML fixes.
     * Upgrade prototype.js to v1.6.0.3.

The full list of changes (from version 3.3) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.474&r2=1.515.2.490&ty=h

The Horde 3.3.1 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/horde/horde-3.3.1.tar.gz
     http://ftp.horde.org/pub/horde/horde-3.3.1.tar.gz

Patches against version 3.3 are available at:
(Continue reading)

Chuck Hagenbuch | 10 Dec 17:50 2008

Turba 2.3.1 (final)

The Horde Team is pleased to announce the final release of the Turba Contact
Manager version H3 (2.3.1).

This is a minor security release that fixes unescaped output in the test
script. All users are encouraged to upgrade to this release. In addition all
users are encouraged to disable test.php in production, per the install
documentation.

Turba is the Horde contact management application. It is a production level
address book, and makes heavy use of the Horde framework to provide
integration with IMP and other Horde applications. It supports SQL, LDAP,
Kolab, and IMSP address books.

The major changes compared to the Turba version H3 (2.3) are:
     * SECURITY: Escape output in test.php
     * A SquirrelMail contact import script.
     * Kolab fixes for free/busy URLs and photos.
     * prototype.js has been upgraded to 1.6.0.3.

The full list of changes (from version 2.3) can be viewed here:

http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.208&r2=1.181.2.220&ty=h

The Turba 2.3.1 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/turba/turba-2.3.1.tar.gz
     http://ftp.horde.org/pub/turba/turba-2.3.1.tar.gz

Patches against version 2.3 are available at:

(Continue reading)

Jan Schneider | 10 Dec 18:22 2008

Horde Groupware 1.1.4 (final)

The Horde Team is pleased to announce the final release of the Horde Groupware
version 1.1.4.

This is a minor security release that adds another check to the (unused) XSS
filter for an Internet Explorer exploit and fixes unescaped output in the
address book test script. All users are encouraged to upgrade to this
version. In addition all users are encouraged to disable test.php in
production, per the install documentation.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes  
with the
standards compliant components from the Horde Project.

The major changes compared to the Horde Groupware version 1.1.3 are:
     * Added another check to the XSS filter (only IE is vulnerable).
     * Escape output in address book's test.php.
     * Fixed included Date_Holiday package.
     * Fixed configuration files upgrades.
     * Fixed database generation on PostgreSQL.

The full list of changes (from version 1.1.3) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.28&r2=1.28.2.2&ty=h

The Horde Groupware 1.1.4 distribution is available from the following  
locations:

     ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.1.4.tar.gz
     http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.1.4.tar.gz
(Continue reading)

Jan Schneider | 10 Dec 18:57 2008

Horde Groupware Webmail Edition 1.1.4 (final)

The Horde Team is pleased to announce the final release of the Horde Groupware
Webmail Edition version 1.1.4.

This is a minor security release that adds another check to the XSS filter for
an Internet Explorer exploit and fixes unescaped output in the test.php
scripts. All users are encouraged to upgrade to this version. In addition all
users are encouraged to disable test.php in production, per the install
documentation.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages with
three different webmail interfaces and manage and share calendars, contacts,
tasks and notes with the standards compliant components from the Horde
Project.

The major changes compared to the Horde Groupware Webmail Edition  
version 1.1.3
are:
     * Added another check to the XSS filter (only IE is vulnerable).
     * Escape output in test.php scripts.
     * Fixed included Date_Holiday package.
     * Fixed configuration files upgrades.
     * Fixed database generation on PostgreSQL.

The full list of changes (from version 1.1.3) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.25&r2=1.25.2.2&ty=h

The Horde Groupware Webmail Edition 1.1.4 distribution is available  
from the following locations:
(Continue reading)

Chuck Hagenbuch | 10 Dec 20:58 2008

Horde 3.3.2 (final)

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.2.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

The major changes compared to Horde version 3.3.1 are:
     * Fix prototypejs regression on IE.

The full list of changes (from version 3.3.1) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.490&r2=1.515.2.492&ty=h

The Horde 3.3.2 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/horde/horde-3.3.2.tar.gz
     http://ftp.horde.org/pub/horde/horde-3.3.2.tar.gz

Patches against version 3.3.1 are available at:

     ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.3.1-3.3.2.gz
     http://ftp.horde.org/pub/horde/patches/patch-horde-3.3.1-3.3.2.gz

NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:

(Continue reading)

Chuck Hagenbuch | 10 Dec 21:05 2008

IMP H3 (4.3.2) (final)

The Horde Team is pleased to announce the final release of the Internet
Messaging Program (IMP) version H3 (4.3.2).

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available.  It allows universal, web-based access to IMAP and
POP3 mail servers and provides a full range of features normally found only in
desktop email clients.

The major changes compared to the IMP version H3 (4.3.1) are:
     * Fix prototypejs regression on IE.

The full list of changes (from version H3 (4.3.1)) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.365&r2=1.699.2.367&ty=h

The IMP H3 (4.3.2) distribution is available from the following locations:

     ftp://ftp.horde.org/pub/imp/imp-h3-4.3.2.tar.gz
     http://ftp.horde.org/pub/imp/imp-h3-4.3.2.tar.gz

Patches against version H3 (4.3.1) are available at:

     ftp://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.1-h3-4.3.2.gz
     http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.1-h3-4.3.2.gz

NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:

(Continue reading)


Gmane