The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks. The Horde Project would like to thank Nuno Loureiro <nuno@eth.pt> for discovering this problem and providing a very thorough analysis. This release also has an update for Informix. Download: This release can be downloaded from the following locations: ftp://ftp.horde.org/pub/horde/ ftp://ftp.horde.org/pub/imp/ MD5 checksums: 96ae6dcf03cab2637c14c13d556049e0 horde-1.2.8.tar.gz 9f0e442f61ce542b945016bee2736d2f imp-2.2.8.tar.gz daa3f4f3821036d7ef47205dc2c7922c patch-horde-1.2.7-1.2.8.gz f3ee21b6b5e40516d46cef955f29e034 patch-imp-2.2.7-2.2.8.gz -- Brent J. Nordquist <bjn@horde.org> N0BJN / OPN: #horde
