[oxse-announce] Open-Xchange Security Announcement for OX App Suite v7.4.2
Open-Xchange Server Edition Maintenance Announcements
oxse-announce at open-xchange.com
Fri Feb 21 16:17:29 CET 2014
Subject: Open-Xchange Security Announcement for OX App Suite v7.4.2
Dear Customers of Open-Xchange,
we would like to inform you that we found a potential security issue in our newly implemented auto-configuration mechanism while trying to configure external email accounts in OX App Suite which is available since 7.4.2.
Under some circumstances it may happen that the configuration fails and returns an email address from a previously failing configuration attempt from any other user of the system.
We are going to release a patch for this as soon as possible. In the meantime we recommend to disable this auto-configuration feature for external E-Mail accounts or disable it completely by running the command
# /opt/open-xchange/sbin/stopbundle com.openexchange.mail.autoconfig.json
which forces a manual configuration of an external mail account.
Best regards,
Your Open-Xchange Team
--
Open-Xchange AG, Rollnerstr. 14, 90408 Nürnberg
Amtsgericht Nürnberg HRB 24738
Vorstand: Rafael Laguna de la Vera, Carsten Dirks
Aufsichtsratsvorsitzender: Richard Seibt
More information about the oxse-announce
mailing list