January 12, 2012

Hot on the heels of our last release comes Atmail 6.3.5. This is a security update which resolves various XSS and potential vulnerabilities.

Security Related Changes

• Zend input filter now matches embedded objects within filter target
• Added sanitizer to sieve filter functions to correct XSS potential in sieve
• Fixed XSS potential in calendar events popup and associated backend data
• Added input filtering to log search to correct vulnerability in index and range calculation
• Added input filtering to admin user controller to correct various security issues in User Manager

Fixed

• Corrected uninitialized array usage in dashboard controller during graph calculation
• Corrected unhandled exception in logsearch when no index or duration specified
• Corrected unhandled exception in user list for groups without users
• Corrected unhandled exception on invalid data for view contact