Zero-day Vulnerability found in Roundcube Webmail servers
On the 11th of October 2023, ESET discovered that a zero-day XSS vulnerability in the Roundcube Webmail server was being exploited. Dualog currently uses Roundcube for our webmail service for Business Mail and Crew Mail. In response, Dualog has released an upgraded version of Connection Suite which incorporates the latest security updates released by Roundcube to address the vulnerability. Additionally, our security team has implemented targeted changes to MailDefence to monitor messages that may exploit this vulnerability.
To keep your fleet secure, we strongly recommend upgrading your version of Connection Suite as soon as possible. The latest version can be downloaded here.