including XSS (prefs, MIME viewer) and preventing overwriting of webserver-
accessible files (image form fields, e.g. with Turba). For more information
see http://lists.horde.org/archives/announce/2009/000512.html.
Thanks Vijay Sankar, Michiel van Baak and Daniel Levai for testing/feedback.
This is a minor security release that fixes unescaped output in the
test script. All users are encouraged to upgrade to this release.
In addition all users are encouraged to disable test.php in production,
per the install documentation.
This is a security release that fixes a privilege escalation in the Horde
API. All users are encouraged to upgrade to this version.
Major changes compared to the Turba H3 (2.1.5) version are:
* Fixed privilege escalation in the Horde API.
* Updated Japanese translation.
The full list of changes (from version H3 (2.1.5)) can be viewed here:
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.113&r2=1.181.2.114.2.2&ty=h
Major changes compared to the Turba H3 (2.1.4) version are:
* Fixed adding contacts to a new contact list.
* Updated Czech, Estonian, German, Polish, Simplified Chinese, and Spanish
translations.
* Small bugfixes and improvements.
The full list of changes (from version H3 (2.1.4)) can be viewed here:
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.106&r2=1.181.2.113&ty=h
Major changes compared to the Turba H3 (2.1.2) version are:
* Remember the lastly selected address book during the session.
* Updated Brazilian Portuguese, Dutch, German, and Traditional Chinese
translations.
* Small bugfixes and improvements.
The full list of changes (from version H3 (2.1.2)) can be viewed here:
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.89&r2=1.181.2.97&ty=h
--
Turba is the Horde contact management application. It makes heavy
use of the Horde framework to provide integration with other
applications such as the IMP webmail system.
