This release contains security fixes for:
a) arbitrary file overwrite (with rights of webserver user on server)
b) remote code execution (on client/browser)
It is recommended to update ASAP!
Thanks to Pedro Ribeiro pedrib@gmail.com of Agile Information Security
for discovering and reporting the problem to us.
Please see changelog for other fixes contained in this release:
http://www.egroupware.org/changelog
Thanks to everyone who helped with this release.
Some news about upcomming new release 14.1:
- Stylite AG’s internal EGroupware is updated to 14.1 and we do all our
internal work with it since 3 weeks
- publishing of a public demo will happen withing next days
- next milestones are:
- public trials and hosting in Stylite cloud
- release for local installation
Ralf
Ralf Becker
Director Software Development
Stylite AG
Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30
Email: rb@stylite.de
www.stylite.de | www.egroupware.org
Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers