<?php
/**
 * Release focus. Possible values:
 * 0 - N/A
 * 1 - Initial freshmeat announcement
 * 2 - Documentation
 * 3 - Code cleanup
 * 4 - Minor feature enhancements
 * 5 - Major feature enhancements
 * 6 - Minor bugfixes
 * 7 - Major bugfixes
 * 8 - Minor security fixes
 * 9 - Major security fixes
 */
$this->notes['fm']['focus'] = 8;

/* Mailing list release notes. */
$this->notes['ml']['changes'] = <<<ML
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.1.4.

This is a bugfix release that also fixes an arbitrary file deletion
vulnerability exploitable by local system (not Horde) users on systems using
the example cron cleanup script.

Many thanks to the iDefense Vulnerability Contributor Program for reporting
these problems and working with us to test the fixes.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of libraries that are
targeted at the common problems and tasks involved in developing modern web
applications.

Major changes compared to Horde 3.1.4-RC1 are:
    * Correctly quote file names in cleanup script for temporary files.
    * Detect unencrypted PGP messages.

Major changes compared to Horde 3.1.3 are:
    * Rewritten Oracle session handler.
    * Added vTimezone support to iCalendar API and ORG support to vCard API.
    * Improved virtual domain support for Cyrus SQL authentication driver.
    * Improved Samba authentication driver.
    * Improved automatic webroot detection.
    * Improved signature dimming.
    * Improved compatibility of generated ZIP files.
    * Fixed an XSS vulnerability in the language selection.
    * Fixed validation of some email distribution lists.
    * Several Kolab related fixes.
    * Lots of small fixes and improvements.
    * Updated Brazilian Portuguese, Catalan, Dutch, French, German, Portuguese
      and Traditional Chinese translations.
ML;

/* Freshmeat release notes, not more than 600 characters. */
$this->notes['fm']['changes'] = <<<FM
A local arbitrary file deletion vulnerability has been fixed.
The Oracle session handler has been rewritten.
vTimezone support for iCalendar data and ORG support for vCard data has been
added.
Samba and Cyrus SQL authentication drivers, automatic webroot detection,
signature dimming and compatibility of generated ZIP files have been improved.
Validation of some email distribution lists has been fixed.
Lots of small fixes and improvements have been made.
Brazilian Portuguese, Catalan, Dutch, French, German, Portuguese and
Traditional Chinese translations have been updated.
FM;

$this->notes['name'] = 'Horde';
$this->notes['fm']['project'] = 'horde';
$this->notes['fm']['branch'] = 'Horde 3';
