Synology released two security bulletins to finish off the year. I recapped the security bulletins issued earlier in December here.
Both new bulletins were related to MailPlus. Servers and clients are all impacted. You’ll want to be sure you’re on one of the following versions.
- MailPlus Server – Version 1.4.0-0415 or above
- MailPlus – Version 1.4.1-0742 or above.
- Android MailPlus – Version 1.6.1 or above.
- iOS MailPlus – still pending
Synology Security Bulletin SA-17:81 addresses a cross-site scripting vulnerability in MailPlus Server.
Synology Security Bulletin SA-17:82 addresses the collection of bugs know as Mailsploit.