Hi Packages for releases v5.1.1 and v2.4.1 are now available, as well as new nightly builds.
Don't forget to also update lasso if you use SAML2 authentication. Thanks, Francis > On Jun 1, 2021, at 08:45, Francis Lachapelle <email@example.com> wrote: > > Dear Community Member, > > With the recent vulnerability found in the Lasso library (CVE-2021-28091), > which SOGo uses to do SAML-based authentication, we urge you to either > disable SAML authentication or temporarily disable the SOGo service until > updated packages are available for your operating system of choice and until > we release SOGo v5.1.1 and v2.4.1. > > SOGo has its own vulnerability regarding the Lasso usage (CVE-2021-33054) and > we will provide updated SOGo packages in about two hours to fix this. > > If you are NOT using SAML authentication, you are not affected by this bug > nor you need to upgrade. > > In order to have the full fix for these issues, you must update the Lasso to > v2.7.0 or later and update the SOGo packages. You should also invalidate all > current user sessions > (https://www.sogo.nu/support/faq/how-to-invalidate-all-users-sessions.html#/faq). > > If you need further assistance on this issue, please use the mailing list. > > Thanks, > > The Inverse team
Description: S/MIME cryptographic signature