SmarterTools Releases Critical Security Fixes for SmarterMail

SmarterTools has released SmarterMail Build 9526, the latest version of their enterprise email server platform. SmarterMail is widely used by businesses and service providers worldwide for secure, reliable email, calendaring, and collaboration services. This update focuses on improving security, fixing critical bugs, and enhancing overall system reliability.

The release addresses several serious security vulnerabilities that could have allowed unauthorized access or data exposure. A server-side request forgery (SSRF) vulnerability in BIMI (Brand Indicators for Message Identification) processing has been patched, along with API endpoints that had improper security scopes. The update also fixes a flaw where EWS (Exchange Web Services) could be exploited for email spoofing even when authentication matching was properly configured.
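The page does not describe how the patched BIMI SSRF arose. As an added example that is not SmarterTools code, the following Python parses a BIMI DNS TXT record and shows the kind of check a logo fetcher needs before following the `l=` URL: refuse anything that is not https on port 443, carries credentials, or resolves to a non-public address. The hostnames and DNS answers are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit
# Constructed sample DNS data so the example runs offline (name -> addresses).
FAKE_DNS = {
    "logos.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.0.5"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
}

def fake_resolver(host, port, proto=0):
    # Same shape as socket.getaddrinfo: (family, type, proto, canonname, sockaddr)
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in FAKE_DNS.get(host, [])]

def parse_bimi_record(txt):
    """Split 'v=BIMI1; l=<logo url>; a=<evidence url>' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "BIMI1":
        raise ValueError("not a BIMI1 record")
    return tags

def is_public_address(ip):
    """Reject loopback, RFC 1918, link-local, multicast, reserved and unspecified."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def logo_url_is_safe(url, resolver=socket.getaddrinfo):
    """True only if the URL is plain https on 443 without credentials and every
    address its host resolves to is public; pin that address when fetching."""
    try:
        parts = urlsplit(url)
        if (parts.scheme != "https" or not parts.hostname or parts.username
                or parts.port not in (None, 443)):
            return False
    except ValueError:            # malformed host or port
        return False
    try:
        ips = {str(ipaddress.ip_address(parts.hostname))}   # literal IP in URL
    except ValueError:
        try:
            ips = {i[4][0] for i in resolver(parts.hostname, 443, proto=socket.IPPROTO_TCP)}
        except OSError:           # resolution failed: do not fetch
            return False
    return bool(ips) and all(is_public_address(ip) for ip in ips)
```

Because the fetch happens after the check, a real implementation must connect to the address it validated rather than resolving again, and must re-run the check on any redirect target.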

Multiple authentication mechanisms have been strengthened. JWTs (JSON Web Tokens) and password reset tokens have been hardened to prevent token-based attacks, and CAPTCHA enforcement during password resets is now more reliable. The update also resolves cross-site scripting vulnerabilities affecting MAPI (Messaging Application Programming Interface) requests.

The release also corrects several functional issues, including a permission flaw that allowed administrators to impersonate users without authorization. Password resets now work properly for administrators with two-factor authentication enabled, and administrative logs accurately reflect reset outcomes. On the user side, HTML rendering in multipart emails and birthdate display in Outlook on Android have been improved. High availability deployments also benefit from corrected refresh token validation and better file name handling.

Visit the official SmarterMail release notes for the full technical details and changelog.
