Kronolith H3 (2.0.5) and Horde 2.2.9 released
Even though Kronolith 2.0.4 should have been the last 2.0.x release, and Horde 2 has not been actively developed since years, we released new versions of both.
Horde 2.2.9 is a security release which fixes a potential XSS vulnerability. The hole is due to inproper output escaping and allows leaking of raw user input into error messages. We consider the threat as low.
Kronolith H3 (2.0.5) fixes reminder emails which was broken for certain cases. This bug was introduced in 2.0.4 so it justified another release, though we concentrate on getting 2.1 stable at the moment. We also fixed a long standing annoying popup warning with Internet Explorer about insecure items on the website if using Kronolith on HTTPS connections.
