Last releases of the Horde 3.1 series
No fewer than 13 applications of the Horde 3.1 series have been released during the last few days. The reason is that we wanted to get all changes and fixes since the last release out to the public so that we can now concentrate on releasing the Horde 3.2 series.
Besides the usual bunch of bug fixes, improvements, and translation updates, a few security issues have been fixed too.
Horde, Horde Groupware, and Horde Groupware Webmail Edition have fixed an XSS vulnerability in the language selection, and an arbitrary file deletion vulnerability in the cleanup cron script. A hotfix for the latter issue - that can only be exploited by local users that have access to the system - is to simply not run the cleanup script.
IMP, Horde Groupware, and Horde Groupware have fixed XSS vulnerabilities in the webmail search screen and thread view. The latter is kind of serious because it can be triggered simply by sending a specially crafted email message to the victim. At least the victim has to view the message in the thread view intentionally.
The only stable applications that haven't been released are Mnemo and Jeta, because they didn't have any significant changes since their last release. All the other released applications, Horde, Horde Groupware, Horde Groupware Webmail Edition, IMP, MIMP, Turba, Ingo, Kronolith, Nag, Passwd, Vacation, Forwards, and Chora, have at least a few small bugfixes or updated translations.
We've decided to push the releases out because it's time to finally concentrate on finishing and stabilizing Horde 3.2 and all other stable applications that are still actively developed in CVS HEAD, as well as preparing a few new applications for their first releases. I will cover this in a different blog entry.
Major changes compared to Horde 3.1.3 are:
- Correctly quote file names in cleanup script for temporary files.
- Detect unencrypted PGP messages.
- Rewritten Oracle session handler.
- Added vTimezone support to iCalendar API and ORG support to vCard API.
- Improved virtual domain support for Cyrus SQL authentication driver.
- Improved Samba authentication driver.
- Improved automatic webroot detection.
- Improved signature dimming.
- Improved compatibility of generated ZIP files.
- Fixed an XSS vulnerability in the language selection.
- Fixed validation of some email distribution lists.
- Several Kolab related fixes.
- Lots of small fixes and improvements.
- Updated Brazilian Portuguese, Catalan, Dutch, French, German, Portuguese and Traditional Chinese translations.
Major changes compared to the IMP H3 (4.1.3) version are:
- Fixed XSS vulnerabilities in the search screen and thread view.
- Improved displaying of PGP messages.
- Fixed IMAP filtering.
- Turned mailto: links in HTML emails into IMP compose links.
- Small improvements to the iCalendar/iTip handler.
- Improved compatibility with Internet Explorer 7.
- Several small bug fixes and improvements.
- Updated Brazilian Portuguese, Catalan, Dutch, German, Portuguese and Traditional Chinese translations.
Major changes compared to the MIMP version H3 (1.0) are:
- Added Catalan, Dutch and Portuguese translations.
- Updated Finnish and German translations.
Major changes compared to the Turba H3 (2.1.3) version are:
- Improved vCard support.
- Updated Catalan, Finnish, German, Portuguese, and Traditional Chinese translations.
- Small bugfixes and improvements.
Major changes compared to the Ingo H3 (1.1.2) version are:
- Fixed blacklists and whitelists when using the IMAP driver.
- Updated translations: German, Finnish, Portuguese, Traditional Chinese.
Major changes compared to the Kronolith H3 (2.1.4) version are:
- Improved support for non-ASCII character sets.
- Added Catalan translation.
- Updated Finnish, German, Portuguese, and Traditional Chinese translations.
- Small bugfixes and improvements.
The major changes compared to the Nag H3 (2.1.2) version are:
- Small bug fixes and improvements.
- Added Catalan translation.
- Updated Finnish, German, Portuguese, and Traditional Chinese translations.
The major changes compared to the Passwd version H3 (3.0) are:
- Small improvements to the sql, poppassd, kolab, and expect drivers.
- Added Japanese and Slovenian translations.
- Updated Brazilian Portuguese, Danish, Finnish, German and Italian translations.
The major changes compared to the Vacation H3 (3.0) version are:
- Added support for Berkeley DB 4 vacation databases.
- Allowed users to set their From: address.
- Improved configuration for LDAP searches.
- Added Slovenian translation.
- Updated German and Traditional Chinese translations.
The major changes compared to the Forwards H3 (3.0) version are:
- Switched to BSD-like license.
- Added Russian translation.
- Updated German and Traditional Chinese translations.
Major changes compared to the Chora version H3 (2.0.1) are:
- Changed sort order of patchsets to match commit logs.
- Added Danish translation.
- Updated almost all translations.