Updated: March 18, 2024
In the ever-evolving landscape of cybersecurity, vigilance is key. At Axigen, we not only respond to external vulnerability reports but also proactively conduct internal security reviews. Our latest review, conducted at the beginning of 2024, has led to significant enhancements across our products. This post outlines the vulnerabilities we've addressed and the updates we've released to fortify your email communication.
Identified Issues and Fixes
Our recent review identified and addressed several potential vulnerabilities and threats:
- Mobile WebMail Enhancements: We've eliminated HTML injection vulnerabilities across various user interaction pages, including subscription management, folder sharing, contact editing, and folder listing. These fixes ensure that your data remains secure during webmail access on mobile devices.
- WebMail Security Strengthening: We addressed Cross-Site Scripting (XSS) vulnerabilities in the Ajax interface and action handling scripts. These measures prevent unauthorized script executions, safeguarding your information integrity.
- Email Content Security: We've extended body filtering rules for messages containing external images, reducing the risk of malicious content reaching your inbox. In addition, we're now filtering out the referrer attribute in order to avoid referrer exfiltration.
- Authentication Security: Our update includes enhancements to the cryptography behind cookie-based authentication, further securing user sessions against potential threats.
Security Updates
To implement these improvements, we are rolling out updates for all the major versions we currently support:
- Axigen 10.3.x and lower: Update to 10.3.3.64
- Axigen 10.4.x: Update to 10.4.31
- Axigen 10.5.x: Update to 10.5.18
These updates are critical for maintaining the highest security standards and are recommended for all users of Axigen 10.3.x and lower, 10.4.x, and 10.5.x versions.
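To check a fleet against the fixed builds listed above, the following added example (not Axigen tooling) triages version strings by branch. The host names and inventory are constructed, and the script assumes you have already collected each server's version string by your own means.

```python
import re

# Fixed builds per branch, copied from the list above.
FIXED_103_AND_LOWER = (10, 3, 3, 64)
FIXED = {(10, 4): (10, 4, 31), (10, 5): (10, 5, 18)}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "mail-01.example.internal": "10.3.3.52",
    "mail-02.example.internal": "10.4.31",
    "mail-03.example.internal": "10.5.9",
    "mail-04.example.internal": "unknown",
}

def parse_version(text):
    """Turn '10.3.3.52' into (10, 3, 3, 52); reject non dotted-numeric input."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(version_text):
    """Return (status, fixed_build); status is 'update', 'ok' or 'not-covered'."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch <= (10, 3):            # "10.3.x and lower"
        target = FIXED_103_AND_LOWER
    elif branch in FIXED:
        target = FIXED[branch]
    else:                            # branches the post does not mention
        return "not-covered", None
    # Zero-pad so 10.4.31 and 10.4.31.0 compare as equal.
    width = max(len(v), len(target))
    a = v + (0,) * (width - len(v))
    b = target + (0,) * (width - len(target))
    return ("ok" if a >= b else "update"), ".".join(map(str, target))

def report(inventory):
    """Triage every host; unparsable strings are flagged rather than skipped."""
    out = {}
    for host, version_text in inventory.items():
        try:
            out[host] = triage(version_text)
        except ValueError:
            out[host] = ("unparsed", None)
    return out

if __name__ == "__main__":
    for host, (status, target) in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" (fixed in {target})" if target else ""))
```

Hosts reported as `unparsed` or `not-covered` need a manual look, since this post gives no fixed build for them.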
Why These Updates Matter
Security in digital communication is not just about responding to threats; it's about anticipating and mitigating them before they become issues. These updates are a testament to our commitment to providing a secure, reliable email solution. By addressing these vulnerabilities, we're not only protecting against known risks but also reinforcing our defenses against potential future threats.
Future Plans
Our security review is not a one-time event but a cornerstone of our continuous improvement ethos. We are already planning further assessments and updates to ensure Axigen remains at the forefront of secure email solutions.
Conclusion
We encourage all our customers to apply these updates as part of their regular maintenance routine. Keeping your software up to date is a crucial step in securing your digital assets.
Thank you for your trust in Axigen. Together, we can ensure that your email communication remains secure, efficient, and reliable.