EGroupware SECURITY and maintenance release 14.2.20140218
This release contains important security fixes.
*It is recommended to update ASAP!*
1. Critical: Unauthenticated insecure PHP object deserialization
allowing arbitrary code execution
2. High: Cross site scripting by circumventing content security policy
3. High: Unauthenticated local file access read and write under MS Windows
*Older EGroupware releases are affected too:*
* 14.1: please make the unproblematic update to 14.2.20150218
* EPL 11.1: you need to update to 11.1.20150218
* 1.8: you need to update to 1.8.007.20150218 or better direct to
Credits and thanks to Andreas Fischer and Lukas Reschke who found the
issues and notified us.
The release is also a regular maintenance release like we publishing it
currently every ~2 weeks.
It also contains many bug-fixes, specially compared with initial 14.2