From: Netmail <ne...@el...> - 2013-10-01 17:01:22
Thanks!

-----Original Message-----
From: Ralf Becker [mailto:rb...@st...]
Sent: Tuesday, 1 October 2013 18:39
To: egr...@li...; discussions and questions from users and for users of eGroupWare; development of eGroupWare, for active developers; egr...@li...
Subject: [eGroupWare-users] EGroupware SECURITY and bugfix release 1.8.005

This release contains a fix for a remote code execution vulnerability.
It is recommended to update ASAP!

Thanks to Marcel Mangold <mar...@sy...>, Pascal Uter <pas...@sy...> from SySS GmbH for discovering and reporting the problem to us.

The new version contains 3 major parts:

a) already mentioned fix for remote code execution vulnerability

b) further security hardening of EGroupware as recommended by SySS GmbH:
- now using httponly and secure cookies (secure only if https is used to login)
- header.inc.php now uses, for new installations or on update, secure password hashes like they were used for accounts since some time now
- setup now uses a session instead of storing credentials in a cookie
- html downloads from Filemanager now either force a download or - if browser supports - use a content-security-policy header to mitigate risk of session hijacking
- blowfish_crypt is now marked as most secure hashing algorithm for passwords and used by default on new installations

c) regular bugfixes in all modules since 1.8.004
see http://www.egroupware.org/changelog

Thanks to everyone who helped with this release.

We are currently working on a new shared community and EPL release expected later this year. It will contain exciting new features, a completely new look and some previous EPL-only features will become available to the whole EGroupware community.

Ralf

--
Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: rb...@st...
www.stylite.de | www.egroupware.org

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany