EGroupware SECURITY and maintenance release 14.2.20140218

Ralf Becker Stylite AG

This release contains important security fixes.

*It is recommended to update ASAP!*

1. Critical: Unauthenticated insecure PHP object deserialization
allowing arbitrary code execution
2. High: Cross site scripting by circumventing content security policy
3. High: Unauthenticated local file access read and write under MS Windows

*Older EGroupware releases are affected too:*

* 14.1: please make the unproblematic update to 14.2.20150218
* EPL 11.1: you need to update to 11.1.20150218
* 1.8: you need to update to or better direct to

Credits and thanks to Andreas Fischer and Lukas Reschke who found the
issues and notified us.

The release is also a regular maintenance release, like the ones we
currently publish every ~2 weeks.

It also contains many bug-fixes, especially compared with the initial 14.2


Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: [hidden email] |

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany

eGroupWare-announcement mailing list
[hidden email]
