Release Notes: This release improves the XSS filter.
Release Notes: This release fixes unescaped output only exploitable by authenticated users. It also includes a number of bugfixes since Horde 3.2.1, including fixes for Cache drivers, SQL shares, Preferences, and more. Finally, it includes some new Kolab Group and Preferences drivers.
Release Notes: This release fixes unescaped output only exploitable by authenticated users, and fixes handling of large amounts of text in filters with PHP 5.2+.
Release Notes: An arbitrary file inclusion vulnerability, through abuse of the theme preference, has been fixed.
Release Notes: A privilege escalation in the Horde API has been fixed. The XSS filtering has been improved. Compatibility between newer themes and older applications has been improved. The SOAP and JSON-RPC interfaces have been improved. Creation of sub-groups and localization of the WYSIWYG editor have been fixed. Many further bugfixes and improvements have been made.
Release Notes: A privilege escalation in the Horde API has been fixed. The XSS filtering has been improved. Locked portal blocks have been fixed. The webroot detection has been improved further. The Japanese translation has been updated.
Release Notes: A local arbitrary file deletion vulnerability has been fixed. The Oracle session handler has been rewritten. vTimezone support for iCalendar data and ORG support for vCard data have been added. Samba and Cyrus SQL authentication drivers, automatic Web root detection, signature dimming, and compatibility of generated ZIP files have been improved. Validation of some email distribution lists has been fixed. Many small fixes and improvements have been made. Brazilian Portuguese, Catalan, Dutch, French, German, Portuguese, and Traditional Chinese translations have been updated.
Release Notes: This is a bugfix release that also fixes a cross site scripting vulnerability and improves protection against phishing attempts. Kolab group ACL support has been added, import of date and time fields has been improved, and synchronization support has been fixed. Catalan, German, and Slovenian translations have been updated.
Release Notes: This is a security release that fixes a cross site scripting vulnerability and improves protection against phishing attempts.
Release Notes: This is a security release that fixes cross site scripting vulnerabilities in three places and removes some unused proxy code. A configuration option to disable GET-based sessions has been added. Oracle and generic SQL upgrade scripts have been added. The default charset support, the API, and the RPC interface have been improved. The preference cache has been fixed.