Minor Update 7.8.2

Stewart -

Release overview

Release Date: 11 April 2018
Release Versions: On-Premises v7.8.2

Release highlights

  • Upgrade HTML Purifier
  • Added option to force SSL for the web admin UI
  • Improved mime parsing for body and subject content

Security

  • Fixed: in accessibility mode, HTML tags and scripts were allowed in Contact Groups
  • Fixed horizontal privilege escalation with photo views
  • Fixed: when using a plain HTTP connection, sensitive information was exposed in the server response for the iOS mobile profile

Fixed Known Issues

  • Some attached files are displayed 2 times

Known Issues

  • Some email style sheets are sanitized, resulting in incorrect rendering. If found, please submit the raw email.

Changelog

Type: Bug
Summary: Log search Type not correct
Description: When searching logs for spam in the web admin, results that should be showing as "Rejected" are showing as "Marked".
Status: RESOLVED
Component(s): WEBADMIN UI

Type: Bug
Summary: Multi-lined subject isn't displayed correctly
Description: When a subject header spans multiple lines and contains a MIME-encoded string, it is not displayed correctly.
Status: RESOLVED
Component(s): Email Rendering, Web User Interface

Type: Bug
Summary: Message Analysis - Body blank only via Webmail
Description: For certain messages, the body is left blank when viewed in Webmail. Outlook or other email services (gmail.com, hotmail.com) present no problem.
Status: RESOLVED
Component(s): Email Rendering, Web User Interface

Type: Improvement
Summary: Security: Force to SSL option for mail server admin login page
Description: Currently, if you surf to HTTP://domain/admin you can then enter credentials that are transmitted in plaintext. Whilst the customer can certainly block port 80 and allow 443 only, we should help our customers by providing a default "kick to HTTPS" option in the administration configuration.
Status: RELEASED
Component(s): WEBMAIL UI, WEBADMIN UI, SECURITY, APACHE

Type: Improvement
Summary: Upgrade HTMLPurifier
Description: HTMLPurifier may need to be upgraded, as the current one strips some of the latest style sheets.
Status: RELEASED
Component(s): WEBMAIL UI, WEBADMIN UI, Email Rendering

Type: Bug
Summary: Security: Sensitive information in server response
Description: Security: iOS profiles contain plaintext passwords. When using the iosprofile page, the user's password is exposed in the payload.
  • Remove password and allow device to prompt for password.
Status: RESOLVED
Component(s): iOS configuration profiles, Security

Type: Bug
Summary: Security: Horizontal privilege escalation
Description: An application logic flaw existed within the assessed application, categorized as a Horizontal Privilege Escalation vector.
Status: RESOLVED
Component(s): Security, WEBADMIN

Type: Bug
Summary: Attached files are displayed 2 times.
Description: When certain emails with attachments are sent, the attachments are displayed 2 times.
Status: RESOLVED
Component(s): Email, Email - Attachments

Type: Bug
Summary: Setting HTML tags are allowed in Contact Groups
Description: In accessibility mode, HTML tags and scripts are allowed in Contact Groups.
Status: RESOLVED
Component(s): Mobile/Accessibility User Interface, Security
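
An added example (not Atmail's code) for the iOS configuration profile fix listed in this changelog: a Python check that flags password strings embedded in a profile and strips them so the device prompts instead. It assumes an unsigned plist profile using Apple's payload key naming (IncomingPassword, OutgoingPassword and similar); the sample profile and the function names are constructed for illustration.

```python
import plistlib

# Constructed sample (not Atmail output): an unsigned profile whose mail
# payload embeds the account password, the condition this fix removes.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "invalid.example.profile",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [{
        "PayloadType": "com.apple.mail.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "invalid.example.profile.mail",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "EmailAccountType": "EmailTypeIMAP",
        "EmailAddress": "user@example.invalid",
        "IncomingMailServerHostName": "mail.example.invalid",
        "IncomingPassword": "constructed-secret",
        "OutgoingMailServerHostName": "mail.example.invalid",
        "OutgoingPassword": "constructed-secret",
        "OutgoingPasswordSameAsIncomingPassword": True,
    }],
})

def _is_secret(key, value):
    # Keys such as IncomingPassword or CalDAVPassword hold the secret as a
    # string; boolean flags that merely end in "Password" are not secrets.
    return key.lower().endswith("password") and isinstance(value, str) and value != ""

def embedded_passwords(profile_bytes):
    """Return sorted (payload type, key) pairs that carry a password string."""
    profile = plistlib.loads(profile_bytes)
    return sorted(
        (payload.get("PayloadType", "unknown"), key)
        for payload in profile.get("PayloadContent", [])
        if isinstance(payload, dict)
        for key, value in payload.items()
        if _is_secret(key, value)
    )

def strip_passwords(profile_bytes):
    """Return the profile with password strings removed, so the device prompts."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        for key in [k for k, v in payload.items() if _is_secret(k, v)]:
            del payload[key]
    return plistlib.dumps(profile)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.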
 
 