🔥🐄 Mooly Update 2024 | Security Update - mailcow: dockerized

FreddleSpl0it included in Updates

08-05-2024 08-26-2024 About 200 words One minute

Contents

2024-07 (Release on 5th August 2024)

Moohoo everyone!

With the Mooly update, three security vulnerabilities in mailcow will be closed.

CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability
CVE-2024-41959 - XSS Vulnerability via API Logs
CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration

Changelog

Do not add MAILCOW_WHITE on failed DMARC
[Postfix] update postscreen_access.cidr
Security fixes

The full changelog, including individual commits, is available on GitHub for those interested: https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-07

Thanks to Julian B., Software Secured and Patrik Mayor, Ukatemi Technologies Plc for reporting the security vulnerabilities. Please always ensure your email server is up to date with patches!

Stay healthy and happy mailing.

Your mailcow team

FreddleSpl0it