DavMail 6.6.0 fixes security flaw, improves Microsoft Graph

Summary
– DavMail version 6.6.0 was released to address a security vulnerability related to a regex issue.
– The update modifies OAuth redirect handling to comply with recent Microsoft changes.
– DavMail is a gateway application that connects standard email clients to Microsoft Exchange or Office 365.
– The release is a direct response to a code-scanning alert that identified the vulnerability.
– This update is specifically for organizations that use the DavMail software.

Organizations relying on the DavMail gateway to connect traditional email clients with Microsoft Exchange and Office 365 should install the new update. Version 6.6.0, released this week, resolves a significant security vulnerability that was identified through a code-scanning alert and relates to a regex issue. The update also modifies the application’s OAuth redirect handling. This change aligns the software with a recent adjustment in Microsoft’s authentication protocols, ensuring continued compatibility and secure authorization flows.
Beyond these critical fixes, the maintenance release incorporates several under-the-hood improvements. Developers have applied general code cleanup and made refinements to the Microsoft Graph integration. These enhancements contribute to the overall stability and performance of the bridge service, which allows protocols like IMAP, POP3, and SMTP to interface with Microsoft’s cloud-based and on-premises mail systems. For administrators, keeping the DavMail proxy current is essential for maintaining both security posture and reliable connectivity for users who depend on third-party mail clients.
(Source: Help Net Security)



