Hello, our university uses a security scanner to check for outdated and insecure software. The scanner recently noticed, that squirrel mail was vulnerable for CVE-2017-7692. According to your Changelog, this CVE has been fixed on April, 25. The security scanner has not been able to recognize, that you fixed the CVE, because it can only check the Version string of squirrelmail. Is it possible, that you increase the minor Version each time a CVE is fixed, so security scanners will be able to detect, if a version is installed, where the CVE is fixed? Sincerly Frank Knoben RWTH Aachen Germany ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
