In association with heise online

13 May 2009, 11:31

Security Update for SquirrelMail

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The SquirrelMail developers have announced the release of version 1.4.18 of their open source standards based webmail package. The update fixes multiple security problems, including several cross-site scripting (XSS) vulnerabilities and a session fixation issue, which could be used to steal user log-in credentials.

A "dangerous" server-side code execution vulnerability has also been patched, however, the developers do not provide any other details. The release also includes three new languages and enhancements to the filter plug-ins and address book system.

Version 1.4.18 is available to download and all users are advised to update. SquirrelMail is released under the GNU General Public License (GPL).

See also:

  • Security, an overview of known SquirrelMail security issues.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit