>> Im using SM 1.2.11 under NetBSD and there seems to be >> cross-site-scripting >> exploit in this version, but I can't find any information on it ? >> >> When was this found and do I need to upgrade to 1.4.1 because of this ? >> (YES >> I would like to keep the site secure ! ) > > Updating is your choice. Read more and decide. I did.
Indeed. Although IIRC, the XSS fix was included in the 1.2.10 -> 1.2.11 upgrade. I forget and am too lazy to look at the Changelog, but if *you* are too lazy to upgrade to 1.4 ;> then you should read more documentation and figure out where the fix was made. If 1.4 is too much of a leap for you (not sure why), you could go to 1.2.11 CVS where the problem is most certainly fixed. - Paul ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id)95 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
