including XSS (prefs, MIME viewer) and preventing overwriting of webserver-
accessible files (image form fields, e.g. with Turba). For more information
see http://lists.horde.org/archives/announce/2009/000512.html.
Thanks Vijay Sankar, Michiel van Baak and Daniel Levai for testing/feedback.
Manager version H3 (2.1.4). And I am pleased to announce my 1000st committ ;)
This is a security release that fixes privilege escalation in the Horde API
and missing ownership validation in the share management. All users are
encouraged to upgrade to this version.
The major changes compared to the Nag H3 (2.1.3) version are:
* Fixed privilege escalation in the Horde API.
* Fixed missing ownership validation on share changes.
* Updated Japanese, Polish, and Spanish translations.
The full list of changes (from version H3 (2.1.3)) can be viewed here:
http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.115.2.54&r2=1.115.2.56.2.3&ty=h
--
Nag is the Horde task list application. It stores todo items, things
due later this week, etc. It is very similar in functionality to
the Palm ToDo application.