including XSS (prefs, MIME viewer) and preventing overwriting of webserver-
accessible files (image form fields, e.g. with Turba). For more information
see http://lists.horde.org/archives/announce/2009/000512.html.
Thanks Vijay Sankar, Michiel van Baak and Daniel Levai for testing/feedback.
This is a minor security release that adds another check to the XSS
filter for an Internet Explorer exploit. All users are encouraged
to upgrade to this version.
This is a bugfix release that also improves XSS (cross site scripting)
filters, used for example in HTML message viewers, and fixes privilege
escalations in the Horde API. All users are encouraged to upgrade to this
version.
Major changes compared to Horde 3.1.5 are:
* Fixed privilege escalation in the Horde API.
* Improved XSS filtering.
* Fixed locked portal blocks.
* Further improved webroot detection.
* Updated Japanese translation.
The full list of changes (from version 3.1.5) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.306&r2=1.515.2.312.2.2&ty=h
Major changes compared to Horde 3.1.4 are:
* Improved webroot detection.
* Fixed language selection in login screen.
* Updated Czech, Estonian, German, Polish, Spanish, and Simplified
Chinese translations.
* Small bug fixes and improvements.
The full list of changes (from version 3.1.4) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.298&r2=1.515.2.306&ty=h
previous version.
Horde now has a dependency on PostgreSQL, which is the default database. If
you want to use MySQL instead, then use the mysql FLAVOR. If you want to use
LDAP in addition to an SQL database, use the ldap FLAVOR.
--
The Horde Project is a group of developers who write Web applications
using the Horde Application Framework, itself a product of the
Project.
The Horde Application Framework is written in PHP, and provides the
common tools a Web application requires: classes for dealing with
preferences, compression, browser detection, connection tracking,
MIME, and more.
