Maintenance Releases and Change Logs

Follow EGroupware development! New features and bugfixes are updated to EGroupware Cloud on every few days, the installation packages are build on every few weeks.

14.02.2015: This release contains important security fixes: It is recommended to update ASAP!

SECURITY and maintenance release 14.2.20150218

  • Critical: Unauthenticated insecure PHP object deserialization allowing arbitrary code execution
  • High: Cross site scripting by circumventing content security policy
  • High: Unauthenticated local file access read and write under MS Windows

Older EGroupware releases are affected too:

  • 14.1: please make the unproblematic update to 14.2.20150218EPL
  • 11.1: you need to update to 11.1.20150218
  • 1.8: you need to update to or better direct to 14.2.20150218 

Credits and thanks to Andreas Fischer and Lukas Reschke who found the issues and notified us.