This release fixes a security issue and an issue related to large files in SabreDAV.
XEE issue
Previous SabreDAV versions had a security issue, if running on the following PHP versions
- PHP 5.3, older than 5.3.23
- PHP 5.4, older than 5.4.13
- PHP 5.5 is not affected by this.
You are strongly recommended to upgrade, as the security issue could expose local files or easily trigger a DOS attack.
More information here: http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
Large file support
It was also discovered that SabreDAV can often not serve files larger than 2GB, due to a bug in PHP's fpassthru method.
If you ran into this issue, update sabredav. We are now no longer using fpasshtru.
More information here: http://evertpot.com/fpassthru-broken/