Prepare bundle releases.

horde · Aug 6, 2015 · 3ff4cfb · 3ff4cfb
1 parent ee525ce
commit 3ff4cfb
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 16 deletions.
diff --git a/bundles/groupware/docs/CHANGES b/bundles/groupware/docs/CHANGES
@@ -2,6 +2,10 @@
 v5.2.10-git
 -----------
 
+Files Changes
+-------------
+[mjr] SECURITY: Fix XSS vulnerability when viewing directory contents
+      (Discovered by http://www.beyondsecurity.com/ssd.html).
 
 
 ------

diff --git a/bundles/groupware/docs/RELEASE_NOTES b/bundles/groupware/docs/RELEASE_NOTES
@@ -1,11 +1,11 @@
 <?php
 /* Security release? */
-$notes['security'] = false;
+$notes['security'] = true;
 
 /* Mailing list release notes. */
 $notes['changes'] = <<<ML
 The Horde Team is pleased to announce the final release of the Horde Groupware
-version 5.2.9.
+version 5.2.10.
 
 Horde Groupware is a free, enterprise ready, browser based collaboration
 suite. Users can manage and share calendars, contacts, tasks, notes, files, and
@@ -17,9 +17,13 @@ http://www.horde.org/apps/groupware/docs/UPGRADING
 For detailed installation and configuration instructions, please see
 http://www.horde.org/apps/groupware/docs/INSTALL
 
-The major changes compared to the Horde Groupware version 5.2.8 are:
-    * Release to fix application versions in package file. No other changes from
-      version 5.2.8.
+Thanks to an anonymous researcher working with Beyond Security's SecuriTeam
+Secure Disclosure program <http://www.beyondsecurity.com/ssd.html> for
+discovering the vulnerability.
+
+The major changes compared to the Horde Groupware version 5.2.9 are:
+    * SECURITY: Fix XSS vulnerability in Files application when viewing
+      directory contents.
 ML;
 
 $notes['name'] = 'Horde Groupware';

diff --git a/bundles/groupware/package.xml b/bundles/groupware/package.xml
@@ -21,7 +21,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/">OSI certified</license>
  <notes>
-* 
+* [mjr] Update Gollem.
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -83,7 +83,7 @@
    <package>
     <name>gollem</name>
     <channel>pear.horde.org</channel>
-    <min>3.0.4</min>
+    <min>3.0.5</min>
     <max>4.0.0alpha1</max>
     <exclude>4.0.0alpha1</exclude>
    </package>
@@ -613,7 +613,7 @@
    <date>2015-08-02</date>
    <license uri="http://www.horde.org/licenses/">OSI certified</license>
    <notes>
-* 
+* [mjr] Update Gollem.
    </notes>
   </release>
  </changelog>

diff --git a/bundles/webmail/docs/CHANGES b/bundles/webmail/docs/CHANGES
@@ -2,6 +2,10 @@
 v5.2.10-git
 -----------
 
+Files Changes
+-------------
+[mjr] SECURITY: Fix XSS vulnerability when viewing directory contents
+      (Discovered by http://www.beyondsecurity.com/ssd.html).
 
 
 ------

diff --git a/bundles/webmail/docs/RELEASE_NOTES b/bundles/webmail/docs/RELEASE_NOTES
@@ -1,11 +1,11 @@
 <?php
 /* Security release? */
-$notes['security'] = false;
+$notes['security'] = true;
 
 /* Mailing list release notes. */
 $notes['changes'] = <<<ML
 The Horde Team is pleased to announce the final release of the Horde Groupware
-Webmail Edition version 5.2.9.
+Webmail Edition version 5.2.10.
 
 Horde Groupware Webmail Edition is a free, enterprise ready, browser based
 communication suite. Users can read, send and organize email messages with four
@@ -19,11 +19,14 @@ http://www.horde.org/apps/webmail/docs/UPGRADING
 For detailed installation and configuration instructions, please see
 http://www.horde.org/apps/webmail/docs/INSTALL
 
-The major changes compared to the Horde Groupware Webmail Edition version 5.2.8
-are:
+Thanks to an anonymous researcher working with Beyond Security's SecuriTeam
+Secure Disclosure program <http://www.beyondsecurity.com/ssd.html> for
+discovering the vulnerability.
 
-    * Release to fix application versions in package file. No other changes from
-      version 5.2.8.
+The major changes compared to the Horde Groupware Webmail Edition version 5.2.9
+are:
+    * SECURITY: Fix XSS vulnerability in Files application when viewing
+      directory contents.
 ML;
 
 $notes['name'] = 'Horde Groupware Webmail Edition';

diff --git a/bundles/webmail/package.xml b/bundles/webmail/package.xml
@@ -21,7 +21,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/">OSI certified</license>
  <notes>
-* 
+* [mjr] Update Gollem.
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -667,7 +667,7 @@
    <date>2015-08-02</date>
    <license uri="http://www.horde.org/licenses/">OSI certified</license>
    <notes>
-* 
+* [mjr] Update Gollem.
    </notes>
   </release>
  </changelog>