Dear Pak Syafril,

Mohon tanya, update nya aman untuk dijalan Pak ?
Terima kasih,
Regards,

Ming An
On 15/11/2024 6:52, Syafril Hermansyah via Mdaemon-L wrote:
Email ini berasal dari luar Indofood Group. Pastikan dahulu kebenaran isi email maupun pengirimnya, silahkan hubungi IT Personnel di Unit anda untuk bantuan lebih lanjut.

Hallo,

Sehubungan adanya kerawanan (vulnerability) di Webmail cross-site scripting (XSS)

BLOCKEDscanrepeat[.]com/vulnerability-database/mdaemon-webmail-cross-site-scriptingBLOCKED

https://owasp.org/www-community/attacks/xss/

MDaemon developer menyampaikan adanya Security Patch (bug fixed) untuk perbaikkan  produk MDaemon yang ada.

https://mdaemon.com/pages/downloads-critical-updates?

MDaemon Email Server - Critical Update MD111424

Fix to MDaemon Email Server and MDaemon Webmail Vulnerablities

Updated November 14, 2024

Summary
A vulnerability for cross-site scripting (XSS) was reported and has been addressed.

Affected Software
All supported versions of MDaemon Email Server, 20.0.0 through 24.5.0. We recommend that administrators download and install the applicable version found below to address the issue. Although no longer supported, versions older than 20.0.0 are also affected. It is highly recommended that all MDaemon Email Server customers running a non-supported version renew their license and upgrade to a supported and applicable version* (from the list below) to receive the latest security and software features.

There are no known issues that customers may experience when downloading the update.

Critical updates are free for all users. Customers must download the software version file for which they are eligible (the paid version in use whether the license is current or expired). If a different/ineligible version is downloaded, that version will cease to work after 30 days. MDaemon Technologies recommends always using the current version to ensure you receive the latest security and software features.




--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 24.5.1, SecurityGateway 10.5.0



Kirim email ke