Dear Pak Syafril,
Mohon tanya, update nya aman untuk dijalan Pak ?
Terima kasih,
Regards,
Ming An
On 15/11/2024 6:52, Syafril Hermansyah via Mdaemon-L wrote:
Email ini berasal dari luar Indofood Group. Pastikan dahulu kebenaran
isi email maupun pengirimnya, silahkan hubungi IT Personnel di Unit
anda untuk bantuan lebih lanjut.
Hallo,
Sehubungan adanya kerawanan (vulnerability) di Webmail cross-site
scripting (XSS)
BLOCKEDscanrepeat[.]com/vulnerability-database/mdaemon-webmail-cross-site-scriptingBLOCKED
https://owasp.org/www-community/attacks/xss/
MDaemon developer menyampaikan adanya Security Patch (bug fixed) untuk
perbaikkan produk MDaemon yang ada.
https://mdaemon.com/pages/downloads-critical-updates?
MDaemon Email Server - Critical Update MD111424
Fix to MDaemon Email Server and MDaemon Webmail Vulnerablities
Updated November 14, 2024
Summary
A vulnerability for cross-site scripting (XSS) was reported and has
been addressed.
Affected Software
All supported versions of MDaemon Email Server, 20.0.0 through 24.5.0.
We recommend that administrators download and install the applicable
version found below to address the issue. Although no longer
supported, versions older than 20.0.0 are also affected. It is highly
recommended that all MDaemon Email Server customers running a
non-supported version renew their license and upgrade to a supported
and applicable version* (from the list below) to receive the latest
security and software features.
There are no known issues that customers may experience when
downloading the update.
Critical updates are free for all users. Customers must download the
software version file for which they are eligible (the paid version in
use whether the license is current or expired). If a
different/ineligible version is downloaded, that version will cease to
work after 30 days. MDaemon Technologies recommends always using the
current version to ensure you receive the latest security and software
features.
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 24.5.1, SecurityGateway 10.5.0