Hi,

I can't work out what the security issue is that this release fixes. Can anyone explain what the fix was and what the consequence of not upgrading is? I couldn't understand from the release notes whether I needed to worry about this or not.

Thanks for any enlightenment!

Comments

sgabe’s picture

sgabe CreditAttribution: sgabe commented

The module allows processing of incoming messages by posting data to the www.example.com/mimemail path. If you have the Process incoming messages posted to this site option disabled (unchecked, which is the default) under the Advanced settings, an "Access denied" will be displayed by visiting this path on your site, so you are safe. Otherwise if you don't upgrade, an attacker may be able to post messages to your site. The consequence depends on how are you using this feature (what are you doing with the messages).

sgabe’s picture

sgabe CreditAttribution: sgabe commented
Status: Active » Closed (fixed)