Hello,

Regarding the cross-site scripting (XSS) vulnerability in Webmail:

https://scanrepeat.com/vulnerability-database/mdaemon-webmail-cross-site-scripting

https://owasp.org/www-community/attacks/xss/

The MDaemon developer has announced a security patch (bug fix) to fix existing MDaemon products.

https://mdaemon.com/pages/downloads-critical-updates?

MDaemon Email Server - Critical Update MD111424

Fix to MDaemon Email Server and MDaemon Webmail Vulnerabilities

Updated November 14, 2024

Summary
A vulnerability for cross-site scripting (XSS) was reported and has been addressed.

Affected Software
All supported versions of MDaemon Email Server, 20.0.0 through 24.5.0. We recommend that administrators download and install the applicable version found below to address the issue. Although no longer supported, versions older than 20.0.0 are also affected. It is highly recommended that all MDaemon Email Server customers running a non-supported version renew their license and upgrade to a supported and applicable version* (from the list below) to receive the latest security and software features.

There are no known issues that customers may experience when downloading the update.

Critical updates are free for all users. Customers must download the software version file for which they are eligible (the paid version in use whether the license is current or expired). If a different/ineligible version is downloaded, that version will cease to work after 30 days. MDaemon Technologies recommends always using the current version to ensure you receive the latest security and software features.


--
syafril
--------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.5.1
Please do not cc: or send to private mail for MDaemon issues.

A good scientist is a person with original ideas. A good engineer is a person who makes a design that works with as few original ideas as possible. There are no prima donnas in engineering.
--- Freeman Dyson

