This release contains important security fixes.
It is recommended to update ASAP!
- Critical: Unauthenticated insecure PHP object deserialization
allowing arbitrary code execution
- High: Cross site scripting by circumventing content security policy
- High: Unauthenticated local file access read and write under MS Windows
Older EGroupware releases are affected too:
- 14.1: please make the unproblematic update to 14.2.20150218
- EPL 11.1: you need to update to 11.1.20150218
- 1.8: you need to update to 1.8.007.20150218 or better direct to
14.2.20150218
Credits and thanks to Andreas Fischer and Lukas Reschke who found the
issues and notified us.
The release is also a regular maintenance release like we publishing it
currently every ~2 weeks.
It also contains many bug-fixes, specially compared with initial 14.2
release:
http://www.egroupware.org/changelog
Ralf
–
Ralf Becker
Director Software Development
Stylite AG
Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30
Email: rb@stylite.de
www.stylite.de | www.egroupware.org
Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany
