Download phpGroupWare
phpGroupWare is available as a tarball, a zip file, debs or RPMs. phpGroupWare is also available from CVS.
phpGroupWare is distributed under the terms of the GNU General Public License, most of the API is distributed under the terms of the GNU Lesser General Public License.
For information on installing phpGroupWare, please read the Install HOWTO.
Release News
phpGroupWare 0.9.16.012 is out
Submitted by 'skwashd' 14-Aug-2007 - 05:20 amWe recently became are of a cross site scripting exploit in the phpsysinfo module in phpGroupWare (CVE-2007-4048). This has been fixed in the 0.9.16.012 release.
There have been a lot of other bug fixes along the way too. Our support for PHP 5 has improved too.
All users are encouraged to upgrade. Grab phpGroupWare 0.9.16.012 from our download page now!
phpGroupWare 0.9.16.011 Security and Bug Fix Release is out
Submitted by 'skwashd' 31-Aug-2006 - 04:37 amA security vulnerability has been discovered in phpGW < 0.9.16.011. We were not given a heads up before it was published.
The exploit is in the holiday code in calendar. It can only be exploited with register_globals = on and gpc_magic_quotes = off.
The advisory can be found at FrSIRT
There is code which exploits the vulnerability in the wild - see milw0rm.
All users are strongly encouraged to upgrade immediately.
You can grab the new version from our download section.
Or update from cvs
$ cd /path/to/phpgroupware
$ cvs update -dP
In addition to the security issue above, this release fixes support for MySQL4.1+ and pgsql 8. Support for php5 has been improved too, php5 should now work with zend.ze1_compatibility_mode on.
When grabbing your update, consider attending the phpGroupWare Conference Paris 2006.
The phpGroupWare Crew
Major Bug Fix Release 0.9.16.010 is out
Submitted by 'skwashd' 18-Dec-2005 - 05:30 amphpGroupWare is proud to announce the latest stable version - 0.9.16.010. This release contains over 50 reported bugs fixed, a stack of patches and general polish.
This is release exceeds the normal high quality of a phpgroupware release and is probably the most stable release ever by the phpGroupWare team.
Please refer to the ChangeLog for details on the significant fixes.
The tarballs include updated CVS data so you can easily update. This is a result of the recent CVS changes at savannah.
Enjoy,
The phpGroupWare Crew
Bug Fix Release 0.9.16.008 is out
Submitted by 'skwashd' 27-Aug-2005 - 05:32 amThis release corrects an array hadling bug in the new anti XSS code introduced in 0.9.16.007.
As always you can grab it from our downloads section.
Cheers
The phpGroupWare Crew
Major Security Release 0.9.16.007 is out
Submitted by 'skwashd' 24-Aug-2005 - 06:55 amThis new release fixes several security issues within phpGroupWare. The fixes include:
- Global anti-XSS changes, related to savannah bug #13863
- FUDForum Information Disclosure - CAN-2005-2600
- Disabled XMLRPC until more resources are available - CAN-2005-2498
Disabling of XMLRPC is regrettable but unvoidable. phpGroupWare's XMLRPC code is a bastardized version of phpxmlrpc. Our XMLRPC code is currently unmaintained and we did not have the resources available to merge and test the changes require. Instead of delaying the release any more we chose to disable functionality. If you wish to contribute to fixing our XMLRPC support please contact skwashd at phpgroupware.org
As always grab it from our download section
Cheers
The phpGroupWare crew
