Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 0 reacties
Bron: Horde

Horde Groupware Webmail is, zoals de naam al doet vermoeden, een pakket waarmee groupware en webmail aangeboden kan worden. Het pakket wordt geschreven in php en maakt gebruik van het Horde-framework. Voor meer informatie verwijzen we jullie door naar deze en deze pagina's. De ontwikkelaars hebben versie 1.2.4 van Horde Groupware Webmail uitgebracht, voorzien van de volgende aankondiging op de mailinglist:

Horde Groupware Webmail Edition 1.2.4 (final)

The Horde Team is pleased to announce the final release of the Horde Groupware Webmail Edition version 1.2.4.

This is a major security release that fixes a vulnerability in the form library that allows overwriting of arbitrary local files with the permissions of the web server user. It also fixes two XSS vulnerabilities in the preference system and the MIME viewer library. The local file vulnerability can only be exploited by users who have write permissions to the address book. All users are encouraged to upgrade to this release.

Thanks to Stefan Esser from SektionEins for finding the local file issue in a code audit, and Martin Geisler and David Wharton for finding the XSS issues.

The major changes compared to the Horde Groupware Webmail Edition version 1.2.3 are:
  • Fixed vulnerability in image form fields that allows overwriting of arbitrary local files.
  • Fixed validation of "number" type preferences.
  • Fixed displaying unknown text MIME parts inline.
  • Many synchronization improvements.
  • Bundled a complete, working PEAR installation.
  • Improved signup support.
  • Releasing memcache lock no longer takes 1 second.
  • Fixes when resetting passwords.
  • Export current locale to the environment.
  • Highlight signed messages depending on the signature verification.
  • Automatically set address book preferences.
  • Fixed some javascript if using IE 8.
  • Use correct charset when rendering inline PGP data.
  • Fixed renaming shared folders contained in empty namespaces.
  • Fixed spellcheck in text-mode for certain words in non-English locales.
  • Fix deleting messages after undeleting in dynamic view.
  • Fix renaming folders with non-7bit characters in dynamic view.
  • Ignore 'compose_html' preference in IMP in mobile view.
  • Fix showing Cc and Bcc fields in mobile view.
  • Various fixes to the maildrop and procmail drivers.
  • Better default settings for forwards, vacation and spam rules.
  • Several VFS fixes in filters.
  • Fixed determination of the spam folder in filters.
  • Allow to add address lists as event attendees through the address book popup.
  • Fixed several issues with all-day events.
  • Display application name as task list name when listing external tasks.
  • Added passphrase confirmation field for encrypted notes.
  • Many further bug fixes and feature enhancements.
The full list of changes (from version 1.2.3) can be viewed here.

Have fun!
The Horde Team.
Moderatie-faq Wijzig weergave

Reacties


Er zijn nog geen reacties geplaatst

Op dit item kan niet meer gereageerd worden.



Apple iOS 10 Google Pixel Apple iPhone 7 Sony PlayStation VR AMD Radeon RX 480 4GB Battlefield 1 Google Android Nougat Watch Dogs 2

© 1998 - 2016 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True