From: Ralf Becker [mailto:rb@...]
Sent: Tuesday, 1 October 2013 18:39
To: egroupware-german@...; discussions and questions from
users and for users of eGroupWare; development of eGroupWare, for active
Subject: [eGroupWare-users] EGroupware SECURITY and bugfix release 1.8.005
This release contains a fix for a remote code execution vulnerability.
It is recommended to update ASAP!
Thanks to Marcel Mangold <marcel.mangold@...>, Pascal Uter
<pascal.uter@...> from SySS GmbH for discovering and reporting the
problem to us.
The new version contains 3 major parts:
a) already mentioned fix for remote code execution vulnerability
b) further security hardening of EGroupware as recommended by SySS GmbH:
- using now httponly and secure cookies (secure only if https is used to
- header.inc.php uses for new installations or on update now secure password
hashes like they were used for accounts since some time now
- setup uses now a session instead of storing credentials in a cookie
- html downloads from Filemanager now either force a download or - if browser
supports - use a content-security-policy header to mitigate risk of session
- blowfish_crypt is now marked as most secure hashing algorithm for
passwords and used by default on new installations
c) regular bugfixes in all modules since 1.8.004 see
Thanks to everyone who helped with this release.
We are currently working on a new shared community and EPL release expected
later this year. It will contain exciting new features, a complete new look
and some previous EPL-only features will become available to the whole
Director Software Development
Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30
http://www.stylite.de | http://www.egroupware.org
Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller Chairman of
the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany