14.02.2015: This release contains important security fixes: It is recommended to update ASAP!
SECURITY and maintenance release 14.2.20150218
- Critical: Unauthenticated insecure PHP object deserialization allowing arbitrary code execution
- High: Cross site scripting by circumventing content security policy
- High: Unauthenticated local file access read and write under MS Windows
Older EGroupware releases are affected too:
- 14.1: please make the unproblematic update to 14.2.20150218EPL
- 11.1: you need to update to 11.1.20150218
- 1.8: you need to update to 1.8.007.20150218 or better direct to 14.2.20150218
Credits and thanks to Andreas Fischer and Lukas Reschke who found the issues and notified us.