January 12, 2012
Hot on the heels of our last release comes Atmail 6.3.5. This is a security update that resolves various XSS issues and potential vulnerabilities.
Security Related Changes
- Zend input filter now matches embedded objects within filter target
- Added sanitizer to sieve filter functions to correct XSS potential in sieve
- Fixed XSS potential in calendar events popup and associated backend data
- Added input filtering to log search to correct vulnerability in index and range calculation
- Added input filtering to admin user controller to correct various security issues in User Manager
Fixed
- Corrected uninitialized array usage in dashboard controller during graph calculation
- Corrected unhandled exception in logsearch when no index or duration specified
- Corrected unhandled exception in user list for groups without users
- Corrected unhandled exception on invalid data for view contact