Dear Community Member,

With the recent vulnerability found in the Lasso library (CVE-2021-28091), 
which SOGo uses to do SAML-based authentication, we urge you to either disable 
SAML authentication or temporarily disable the SOGo service until updated 
packages are available for your operating system of choice and until we release 
SOGo v5.1.1 and v2.4.1.

SOGo has its own vulnerability regarding the Lasso usage (CVE-2021-33054) and 
we will provide updated SOGo packages in about two hours to fix this.

If you are NOT using SAML authentication, you are not affected by this bug nor 
you need to upgrade.

In order to have the full fix for these issues, you must update the Lasso to 
v2.7.0 or later and update the SOGo packages. You should also invalidate all 
current user sessions 

If you need further assistance on this issue, please use the mailing list.


The Inverse team

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to