FTGate Update 7.0.300
This update is available via auto-update.
It can also be applied manually if your UPSP is up to date: http://download.ftgate.com/files/FTGate7/updates/ftgau70300.fau
Changes:
- Fixed smtp receive errors causing lockup of DNS and SMTP service
- Fixed SMTP send to none mx sites with odd dns servers
- Added spf blocking filter 1
- Added webmail view size limiter
- Fixed mailbox list script errors
- Fixed sql list display items
- Fixed archive forwarding and resend envelope address
- Fixed case sensitivity on attachment filter
- Fixed invalid characters being included in contacts email addresses when users paste control characters into the fields.
- Fixed sent items folder showing sender rather than recipients
- Fixed Smartpop handling of raw apostrophe in multi recipient lists
- Fixed inbox rule handling of special characters in name
- Fixed deleting of entries form the service access lists
- Added additional smtp size limit options
- Fixed occasional sql errors
- Fixed multiple CSRF & XSS Vulnerabilities 2
- See the following documentation for more details:
http://docs.ftgate.com/ftgate-documentation/using-ftgate/filtering-anti-spam-anti-virus/spf-filter/ - This issue was identified by John Page aka hyp3rlinx and represents a potentially serious issue whereby a normal level user can execute some administrator commands by the use of specially crafted requests to the webmail services, including the ability to grant themselves full admin rights to FTGate.