🍂🐄 Mootember Update 2022 - Quarantine & Swagger UI Fix Update - Revision A | Changes

2022-09a (Release: 30th September 2022)

Changes:

  • The Twig template system on which mailcow is based has been updated to version 3.4.3, which closes CVE-2022-39261.
    Attention: This CVE is not critical for all mailcow users; this revision only serves to update the packages.

2022-09 (Release: 27th September 2022)

Moohoo everyone!

The official September update is here. Unfortunately it brings only a small update this time, but one that should not be ignored.

We’ve addressed one minor security issue with the Swagger UI for mailcow. More details in this article.

Stable changes (stable Branch)

Vulnerability in Swagger UI

Before we talk about the Nightly Updates, let’s talk about the Swagger vulnerability.

The vulnerability allowed a script to be loaded via the URL used to call the Swagger UI, which could, for example, turn the page into a credit card phishing portal.

We have opened a CVE case for this: CVE-2022-39258

You can read more detailed information on GitHub: https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45

Before panic kicks in: this is the most harmless of the security vulnerabilities so far.

As always, we advise updating soon, of course!

Nightly changes (Bootstrap 5 update)

So, let’s move on to the Nightly Updates, which are fully focused on the Bootstrap 5 update:

  • [NEW] Sieve Access can now be toggled via Mass-Actions
  • [NEW] Added a Loading Animation for the Container Charts
  • [NEW] The public IP addresses of your mail server (determined with dig inside the containers) are now displayed on the Dashboard page.
  • [FIX] Fixed some Layout Issues (especially Color Changes)

As some of you may have inferred, we are listening to your feedback regarding the Bootstrap 5 update. We are still diligently collecting feedback on this, either here on GitHub, on Telegram, in the forum or simply via mail to info@mailcow.email.

Keep in mind: The mentioned Bootstrap 5 changes only affect the Nightly Builds (for now).

Learn here how you can obtain Nightly Builds too: https://docs.mailcow.email/de/i_u_m/i_u_m_update/#neu-nightly-updates-beziehen or use the new Nightly Demo.

More information and the login data for the demo can be found here: https://docs.mailcow.email/#demos


That's it for now.

Until then, stay healthy and have a happy #Hacktober

Your mailcow Team
Niklas
