# 🍂🐄 Mootember Update 2022 - Quarantine & Swagger UI Fix Update - Revision A | Changes

Contents

### 2022-09a (Release: 30th September 2022)

Changes:

• The Twig template system on which mailcow is based has been updated to version 3.4.3 and closes CVE-2022-39261.
Attention: This CVE is not critical for all mailcow users but only serves to update the packages.

### 2022-09 (Release: 27th September 2022)

Moohoo everyone!

The official September update is here and brings this time unfortunately only a small update, which is not to be ignored, however.

We’ve addressed one minor security issue with the Swagger UI for mailcow. More details in this Article.

### Vulnerability in Swagger UI

This allowed a script to be loaded via the URL call of the Swagger UI which could convert the page into a credit card phishing portal, for example.

We have opened a CVE case for this: CVE-2022-39258

Before panic kicks in this is the most harmless of the security vulnerabilities so far.

We advise (as always) to update soon of course!

### Nightly changes (Bootstrap 5 update)

So, let’s move on to the Nightly Updates, which are fully focused on the Bootstrap 5 update:

• [NEW] Sieve Access can now be toggled via Mass-Actions
• [NEW] The Public IP-Adresses of your Mailserver (done with dig inside the containers) are now displayed on the Dashboard Page.
• [FIX] Fixed some Layout Issues (especially Color Changes)

As some of you may have inferred, we are listening to your feedback regarding the Bootstrap 5 update. We are still diligently collecting feedback on this.

Either here on GitHub, on Telegram, at the Forum or simply via Mail to info@mailcow.email.

Keep in mind: The mentioned Bootstrap 5 changes only affect the Nightly Builds (for now).

Learn here how you can obtain Nightly Builds too: https://docs.mailcow.email/de/i_u_m/i_u_m_update/#neu-nightly-updates-beziehen or use the new Nightly Demo.