Updated: July 8, 2024
In the ever-evolving landscape of cybersecurity, vigilance is key. At Axigen, we not only respond to external vulnerability reports but also proactively conduct internal security reviews. Our latest review, conducted at the beginning of 2024, has led to significant enhancements across our products. This post outlines the vulnerabilities we've addressed and the updates we've released to fortify your email communication.
Identified Issues and Fixes
Our commitment to enhancing security is ongoing, and in our latest reviews, we have addressed a range of vulnerabilities across Mobile WebMail, Standard WebMail, and broader system updates:
- Mobile WebMail Enhancements:
  - We have remedied HTML injection vulnerabilities across several user interaction pages, enhancing security for subscription management, folder sharing, contact editing, and folder listings.
- WebMail Security Strengthening:
  - We resolved Cross-Site Scripting (XSS) vulnerabilities within our Ajax interface and action handling areas.
  - Additional improvements include fixes for HTML injection vulnerabilities encountered when viewing the source of large messages, and for XSS vulnerabilities in similar contexts.
  - We've improved the sanitization of content loaded through the attachments interface and of content referenced by content identifiers.
- Standard WebMail Updates:
  - Addressed multiple HTML injection risks across various aspects of the standard WebMail interface, including during the contact import process and within typical navigation structures.
- Email Content Security:
  - We've extended body filtering rules for messages containing external images, reducing the risk of malicious content reaching your inbox. In addition, we now filter out the referrer attribute to prevent referrer exfiltration.
- Authentication Security:
  - We've enhanced the cryptography behind cookie-based authentication, further securing user sessions against potential threats.
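To illustrate the email content controls described above, the following is an added example (not Axigen's code) of a hypothetical WebMail body filter: external image references are neutralised and referrer-controlling markup is stripped, while inline (cid:) images and entities pass through intact. The host name, the `data-blocked-` attribute prefix and the sample message body are constructed assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

FETCHING_ATTRS = {"src", "background", "poster"}  # values the client fetches while rendering

# Constructed sample body: a tracking pixel with a referrer override, an inline
# attachment image, an outbound link and some entities that must survive intact.
SAMPLE = ('<head><meta name="referrer" content="unsafe-url"></head><body>'
          '<img src="https://tracker.example.net/p.gif?u=42" referrerpolicy="unsafe-url">'
          '<img src="cid:logo@local"><a href="https://example.org/x">go</a> AT&amp;T &#169;</body>')

class BodyFilter(HTMLParser):
    """Hypothetical WebMail body filter (not Axigen's code): blocks external image
    loads and strips referrer-controlling markup, recording what it blocked."""

    def __init__(self, own_host):
        super().__init__(convert_charrefs=False)  # keep entities verbatim instead of decoding
        self.own_host, self.out, self.blocked = own_host.lower(), [], []

    def _is_external(self, url):
        p = urlparse(url.strip())  # cid:/data:/same-host stay; any other http(s) is external
        return p.scheme in ("http", "https") and p.netloc.lower() != self.own_host

    def handle_starttag(self, tag, attrs):
        # <meta name="referrer"> would set a body-wide referrer policy: drop it outright
        if tag == "meta" and any(k == "name" and (v or "").lower() == "referrer" for k, v in attrs):
            return
        kept = []
        for k, v in attrs:  # HTMLParser already lower-cases attribute names
            if k == "referrerpolicy":  # the referrer attribute is never forwarded
                continue
            if k in FETCHING_ATTRS and v and self._is_external(v):
                self.blocked.append(v)
                k = "data-blocked-" + k  # kept only so an explicit "load images" action can use it
            kept.append((k, v))
        if tag == "a":  # outbound links must not leak the WebMail URL either
            kept = [(k, v) for k, v in kept if k != "rel"] + [("rel", "noopener noreferrer")]
        attrs_s = "".join(f' {k}="{html.escape(v, quote=True)}"' if v is not None else f" {k}" for k, v in kept)
        self.out.append(f"<{tag}{attrs_s}>")

    handle_startendtag = handle_starttag  # <img .../> takes the same path
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def filter_body(body, own_host="mail.example.com"):
    """Return (filtered_html, blocked_urls) for one HTML message body."""
    f = BodyFilter(own_host)
    f.feed(body)
    f.close()
    return "".join(f.out), f.blocked
```

Running `filter_body(SAMPLE)` returns the rewritten body together with the list of external URLs it refused to load, which is the information a WebMail front end needs to offer an explicit "show remote images" action.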
Security Updates
To implement these improvements, we are rolling out updates for all the major versions we currently support:
- Axigen 10.3.x and lower: Update to 10.3.3.65
- Axigen 10.4.x: Update to 10.4.36
- Axigen 10.5.x: Update to 10.5.23
These updates are critical for maintaining the highest security standards and are recommended for all users of Axigen 10.3.x and lower, 10.4.x, and 10.5.x versions.
Why These Updates Matter
Security in digital communication is not just about responding to threats; it's about anticipating and mitigating them before they become issues. These updates are a testament to our commitment to providing a secure, reliable email solution. By addressing these vulnerabilities, we're not only protecting against known risks but also reinforcing our defenses against potential future threats.
Future Plans
Our security review is not a one-time event but a cornerstone of our continuous improvement ethos. We are already planning further assessments and updates to ensure Axigen remains at the forefront of secure email solutions.
Conclusion
We encourage all our customers to apply these updates as part of their regular maintenance routine. Keeping your software up to date is a crucial step in securing your digital assets.
Thank you for your trust in Axigen. Together, we can ensure that your email communication remains secure, efficient, and reliable.