Yesterday I released the Kolab Groupware Server Community OpenPKG Edition 2.3.3. It not only fixes some annoying bugs but also includes some security updates.
- apache: Security update to 2.2.20 fixing CVE-2011-3192
- imapd: Security update to to 2.3.17 fixing CVE-2011-3208
- openssl: Update to 1.0.0e fixing CVE-2011-3207 and CVE-2011-3210
- php / apache-php: Security update fixing CVE-2011-1148, CVE-2011-1938, CVE-2011-2202 and CVE-2011-2483
- dimp: No more blank mails in the preview pane. If you still have problems, please make sure to generate all required locales in both ISO and UTF-8 and delete the webclient cache /kolab/var/kolab/webclient_data/tmp/cache_*
- horde: All attachments are displayed again, preference woes were fixed and the memory limit was raised to aviod large Kolab objects to cause a white screen.
- imp: Umlauts in System folders are displayed correctly
- Kolab_FreeBusy: Triggering with only the localpart of user works again
- Kolab_Server: Just like in horde, the memory limit was raised to avoid white screens with large Kolab objects.
- Kolab_Storage: *Lots* of fixes, most notably shared calendars and address books with the same name can now be distinguished.
- kolab-webadmin: The folder listing in the ActiveSync config and the domain maintainer’s welcome page were fixed
- kronolith: FreeBusy list of event organizers in their event attendee view is working again
- openldap: Update to 2.4.26 fixing some memory leaks in slapd
- turba: organizationalUnit (ou) is displayed in the global address book as “department”
For a complete list of changes please refer to the release notes.
The upgrade form 2.3.2 is straight forward, there is nothing special you need to care about. Only if you are compiling packages yourself you need to recompile some due to the OpenSSL update as described in the 1st.README file.
If you are upgrading from 2.2.4, please follow the instructions to upgrade from 2.2.4 to 2.3.0 as outlined in 1st.README.
Documentation and OpenPKG packages are available as shown on the download page. Binary packages for Debian GNU/Linux 6.0 (Squeeze/stable) and 5.0 (Lenny/oldstable) on x86 platforms can be found next to the sources. As soon as they have synced, you can also use the mirrors.
You can check the integrity of the downloaded files by importing our file distribution key and verify the OpenPGP signature and SHA1 checksums:
$ wget https://ssl.intevation.de/Intevation-Distribution-Key.asc $ gpg --import Intevation-Distribution-Key.asc $ gpg --verify SHA1SUMS.sig $ sha1sum -c SHA1SUMS
The native packages for Fedora, EPEL and Debian will be updated to 2.3.3 within the next week.
Please report bugs in our bug tracker.