On Wed, 2012-02-22 at 09:01 +0000, Anna Morris wrote:
> Hi, don't know if anyone is on the lug list - this doesn't sound good, weren't we discussing running Horde?
Yes, it is serious, but not that serious IMO, and it doesn't reflect on Horde in my view.
Basically one aspect of Horde distribution was cracked, they realised, and fixed it. The way the exploit worked was never very public afaik, only 3 releases of Horde were affected (all of them older versions, not the current version (4)) and as far as I can tell only a handful of distros were affected (and notified, and fixed).
So only if you had downloaded an older version of Horde via FTP would you have been affected. That's still probably a lot of people, and it still means that anyone who was affected may have had all their user emails stolen or something (though this is usually not the motive for such attacks).
I still like Horde and would choose to use it if we offer groupware to our users, at least until Kolab releases their new suite of alternatives. To be honest, offering groupware may not be a great idea, however; we may wish to just offer webmail, in which case I'd probably recommend Roundcube instead of Horde.
In any case, interesting news, and it's a very good idea for us all to follow developments like these so we can have informed discussions and decisions in the near future.
Thanks for sharing, Anna!
Sam.