Hi

Packages for releases v5.1.1 and v2.4.1 are now available, as well as new 
nightly builds.

Don't forget to also update lasso if you use SAML2 authentication.

Thanks,

Francis

> On Jun 1, 2021, at 08:45, Francis Lachapelle <users@sogo.nu> wrote:
> 
> Dear Community Member,
> 
> With the recent vulnerability found in the Lasso library (CVE-2021-28091), 
> which SOGo uses to do SAML-based authentication, we urge you to either 
> disable SAML authentication or temporarily disable the SOGo service until 
> updated packages are available for your operating system of choice and until 
> we release SOGo v5.1.1 and v2.4.1.
> 
> SOGo has its own vulnerability regarding the Lasso usage (CVE-2021-33054) and 
> we will provide updated SOGo packages in about two hours to fix this.
> 
> If you are NOT using SAML authentication, you are not affected by this bug 
> nor you need to upgrade.
> 
> In order to have the full fix for these issues, you must update the Lasso to 
> v2.7.0 or later and update the SOGo packages. You should also invalidate all 
> current user sessions 
> (https://www.sogo.nu/support/faq/how-to-invalidate-all-users-sessions.html#/faq).
> 
> If you need further assistance on this issue, please use the mailing list.
> 
> Thanks,
> 
> The Inverse team

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to