Security releases for Horde 3.0.x and Horde 3.1

During a security audit I discovered a flaw in Horde's help viewer that allows remote command execution on the web server. All versions since Horde 3.0 are affected, and all Horde users are strongly encouraged to upgrade their Horde installations to Horde 3.0.10 or Horde 3.1.1. You should be able to apply the patch from 3.0.9 to 3.0.10 on most 3.0.x versions older than 3.0.9. We decided to wait for public disclosure and new releases until this Tuesday noon (European time) to not collide with the weekend and give European administrators the chance to update in the afternoon and American admins to update in the morning.

Official release announcements: 

The Horde Team is releasing a critical security fix for the Horde Application Framework versions 3.0 and above. Version 2.x and earlier releases are not affected.

The Horde Application Framework is a modular, general-purpose web application framework written in PHP.  It provides an extensive array of classes that are targeted at the common problems and tasks involved in developing modern web applications.

Major changes compared to Horde 3.1 are:

Changes compared to Horde 3.0.9 are: