"richard@xxxxxxxxxxxxxx": > "Jon Angliss": >> Due to the package compromise of 1.4.11, and 1.4.12, we are forced to >> release 1.4.13 to ensure no confusions. > > When and in which way was 1.4.11 compromised? This came to me as a > surprise since all the other posts only mentioned 1.4.12?! > > My 1.4.11 setup doesn't have the known HTTP_BASE_PATH manipulation, but > I took it offline nonetheless. Problem is, however, that 1.4.13 doesn't > work for me (see other post), so for the moment the users who rely on > webmail here don't have access to their mail. > > Can I take my 1.4.11 setup online again or are there other security > issues? 1.4.11 was, as far as I know, compromised 2007-11-24. If your packet was downloaded prior to that date there shouldn't be any problems using it. Still, I advice everyone to upgrade to 1.4.13 if possible. Sincerely, Fredrik ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
