-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a8e05f6
commit 0c49f1f
Showing
2 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| title: "🔥🐄 Mooly Update 2024 | Sicherheitsupdate" | ||
| date: 2024-08-05T09:08:00+02:00 | ||
| draft: false | ||
|
|
||
| author: FreddleSpl0it | ||
| authorLink: "https://github.com/FreddleSpl0it" | ||
| toc: true | ||
|
|
||
| license: "" | ||
|
|
||
| tags: ["2024", "update", "changelog"] | ||
| categories: ["Updates"] | ||
|
|
||
| --- | ||
|
|
||
| ## 2024-07 (Release vom 05.08.2024) | ||
|
|
||
| **Moohoo** Alle zusammen! | ||
|
|
||
| Mit dem Mooly Update werden drei Sicherheitslücken in der mailcow geschlossen. | ||
|
|
||
| 1. CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability | ||
| 2. CVE-2024-41959 - XSS Vulnerability via API Logs | ||
| 3. CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration | ||
|
|
||
| ### Changelog | ||
|
|
||
| * Do not add MAILCOW_WHITE on failed DMARC | ||
| * [Postfix] update postscreen_access.cidr | ||
| * Security fixes | ||
|
|
||
| Der vollständige Changelog, einschließlich der einzelnen Commits, ist für Interessierte jederzeit auf GitHub verfügbar: | ||
| https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-07 | ||
|
|
||
| --- | ||
|
|
||
| Ein großes Dankeschön an **Julian B., Software Secured** und **Patrik Mayor, Ukatemi Technologies Plc** für das Melden der Sicherheitslücken. | ||
| Vergesst nicht, euren E-Mail-Server immer auf dem neuesten Stand zu halten! | ||
|
|
||
| Bleibt gesund und frohes Mailing. | ||
|
|
||
| Euer mailcow-Team | ||
| > FreddleSpl0it |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| title: "🔥🐄 Mooly Update 2024 | Security Update" | ||
| date: 2024-08-05T09:08:00+02:00 | ||
| draft: false | ||
|
|
||
| author: FreddleSpl0it | ||
| authorLink: "https://github.com/FreddleSpl0it" | ||
| toc: true | ||
|
|
||
| license: "" | ||
|
|
||
| tags: ["2024", "update", "changelog"] | ||
| categories: ["Updates"] | ||
|
|
||
| --- | ||
|
|
||
| ## 2024-07 (Release on 5th August 2024) | ||
|
|
||
| **Moohoo** everyone! | ||
|
|
||
| With the Mooly update, three security vulnerabilities in mailcow will be closed. | ||
|
|
||
| 1. CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability | ||
| 2. CVE-2024-41959 - XSS Vulnerability via API Logs | ||
| 3. CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration | ||
|
|
||
| ### Changelog | ||
|
|
||
| * Do not add MAILCOW_WHITE on failed DMARC | ||
| * [Postfix] update postscreen_access.cidr | ||
| * Security fixes | ||
|
|
||
| The full changelog, including individual commits, is available on GitHub for those interested: | ||
| https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-07 | ||
|
|
||
| --- | ||
|
|
||
| Thanks to **Julian B., Software Secured** and **Patrik Mayor, Ukatemi Technologies Plc** for reporting the security vulnerabilities. | ||
| Please always ensure your email server is up to date with patches! | ||
|
|
||
| Stay healthy and happy mailing. | ||
|
|
||
| Your mailcow team | ||
| > FreddleSpl0it |