If you have a backdated copy of the SmarterMail, in particular to two of the vulnerabilities found in the earlier version I would suggest to get the latest copy and move up to 13.3.5535. You can download the latest from here: http://smartertools.com/smartermail/mail-server-download.aspx.
Just in case you have forgotten the steps on how to “properly” upgrade your SmarterMail. Please make sure you have a backup before proceed.
- Stop IIs www publishing service or SmarterMail web service.
- Uninstall SmarterMail without removing the existing folders or files.
- Install the latest copy of SmarterMail.
- Once it’s completed, start SmarterMail web service or IIs www publishing service.
Wait for a minute or so, sign in to admin portal to make sure everything is working. Sometime it might take a little longer to start up if you have a slower server and many mailboxes. Just be patient, do not attempt to restart your Smartermail Service unless it has stopped for some reasons.
- ADDED: Updated administrative logging to include the friendly name of the event that was fired in addition to it’s id number.
- FIXED: A temporary disk error when reading an account’s userConfig.xml file will no longer result in the user’s settings being reset to the defaults, including a blank password.
- FIXED: A user with read-only control of a shared calendar can no longer delete instances of a recurring event.
- FIXED: A zero byte fileStore.xml file will no longer prevent SmarterMail from starting properly.
- FIXED: Adding a calendar event using Android’s default calendar app with Exchange ActiveSync now syncs correctly.
- FIXED: Adding a recurring event that occurs on a specific week of each month now syncs correctly using Exchange ActiveSync.
- FIXED: Adding a task using Outlook 2013 with Exchange ActiveSync now syncs correctly.
- FIXED: Adding duplicate entries to trusted senders is no longer allowed.
- FIXED: Availability conflicts are now calculated correctly when adding or editing a new calendar event in webmail.
- FIXED: Birth dates set on iOS devices using Exchange ActiveSync now sync correctly.
- FIXED: Changing an event’s start time that includes a domain resource now properly updates the availability of that domain resource.
- FIXED: Contacts imported from a CSV file that include only white space in certain imported fields are now saved properly, such that they can be successfully synced with Exchange ActiveSync.
- FIXED: Creating a calendar and immediately deleting an event using the Mac OSX calendar app with Exchange Web Services now syncs correctly.
- FIXED: Declude spam weights now save correctly.
- FIXED: Domain resource availability is now calculated properly when determining scheduling conflicts.
- FIXED: Editing a password brute force or denial of service abuse detection rule for XMPP now correctly sets the service field to XMPP.
- FIXED: Email folders that contain special characters are now sorted correctly in webmail.
- FIXED: Exchange ActiveSync responses will no longer send an empty Exceptions tag, which would cause Outlook 2013 to crash.
- FIXED: Folders with special characters in their name now sync correctly using Exchange ActiveSync.
- FIXED: Made changes to how folder renaming is handled to prevent a scenario that could cause mailbox corruption.
- FIXED: Renaming a folder that contains special characters using Exchange ActiveSync no longer causes an error in webmail when trying to view that folder.
- FIXED: Setting a contact’s birth date on a client synced using CardDAV will no longer save as one day off for users in time zones with positive offsets from GMT.
- FIXED: Temporary files created during Exchange ActiveSync SmartForward, SmartReply and other email attachment operations are now immediately cleaned up when no longer needed.
- FIXED: The number of items sent back per Exchange ActiveSync response is now correctly determined using the WindowSize specified by the client.
- SECURITY: Resolved an XSS vulnerability related to replying to an email.
- SECURITY: Resolved an XSS vulnerability related to viewing email.
