Back to Community Threads
5
SM 7719 - Security fix criticality?
Question asked by Nathan - 2/19/2021 at 2:12 PM
Answered
Does anyone know how critical the security fix in build 7719 (released yesterday) is?

15 Replies

Reply to Thread
2
Patrick Mattson Replied
2/19/2021 at 2:53 PM
I was planning to upgrade tonight, would like to know this.

Realized after a customer complaint attachments were being truncated, it is apparently a known bug. Hoping this is a fairly stable version.
0
Alessandro Pereira Replied
2/19/2021 at 3:26 PM
+1
0
Jade D Replied
2/19/2021 at 11:39 PM
Busy searching through my emails now to see if there was a notice sent out by Smartertools regarding the patch release.

Did any of you receive a notice? One would expect this considering the update includes a security fix
Jade
0
Nathan Replied
2/20/2021 at 12:09 PM
Patrick, did you deploy the update last night and are there any issues with it?
2
Patrick Mattson Replied
2/20/2021 at 1:27 PM
I updated early this morning I am currently running 7719 (February 18, 2021).

So far my simple tests have been fine. At this point RAM seems to be down a bit. My fun usually does not start using it on Monday morning when I find out if anything broke. I will continue to test this weekend and let you know.

I have heard of some people having issues with high CPU and Memory usage.

At this point CPU and memory usage:
2/14/2021    12%    8.8GB (Build 7669 (Dec 30, 2020))
2/17/2021    16%    5.1GB (Build 7669 (Dec 30, 2020)) 
2/20/2021    13%    2.7GB (Build 7719 (February 18, 2021)) (installed about 8 hours ago)

From the Server Health for today only:
CPU: 13.38%    Memory: 17.25%

Past experience tells me something will be broken, the mystery is what.
0
Nathan Replied
2/20/2021 at 1:35 PM
Thanks Patrick,  I appreciate the time taken to post.
0
Ron Raley Replied
2/20/2021 at 5:13 PM
This update caused a ton of italic folders to be displayed in Thunderbird IMAP for accounts that have connected using Outlook MAPI.

The folders are invisible in Outlook.

I don't know if this is supposed to be.
1
Nathan Replied
2/21/2021 at 10:01 AM
Not encountered the folder issue following upgrading but Google suggests it is a Thunderbird issue rather than necessarily SmarterMail.
1
Sébastien Riccio Replied
2/21/2021 at 11:07 AM
It would indeed be useful to know what was this security issue so we can inspect our system to know if it was exploited somehow.

On another side I understand that it's not a good idea to publicly reveal the exploit because it would help some as**oles people to exploit it on unpatched systems.

The only hint about the issue is that it seems it was also affecting SmarterTrack as there is a a big red IMPORTANT warning in the changelog about a security vulnerability.

Who knows maybe it will appear someday on CVE database.
Sébastien Riccio
System & Network Admin
0
Stefano Replied
2/21/2021 at 11:53 AM
I would like to upgrade my SM server, but I would like to be sure that I won't have any undesidered bugs with this installation.
Anyone has seen them or it's everything OK?
Thanks 
1
Sébastien Riccio Replied
2/21/2021 at 12:43 PM
So far no new issues since last update but as it's the weekend the real live test is on monday, when people are back to work.
Sébastien Riccio
System & Network Admin
0
Ron Raley Replied
2/21/2021 at 2:24 PM
"Thunderbird Phantom Folders"

I use Mozilla Thunderbird everyday and just read that is what these are called.

The newest SmarterMail release added about 15 folders to each of my accounts in Thunderbird.

Users are unlikely to experience this issue because they use Outlook or other email client. Not both, like me.

The folders will not present themselves until a MAPI connection is established.

Honestly, I'm not too worried about it.
0
Rod Strumbel Replied
2/22/2021 at 9:28 AM
The last notice I have for updates is version 7699, nothing at all since then
1
Nathan Replied
2/22/2021 at 10:00 AM
Although it has been quiet, unless I am mistaken the 'vulnerability' thread opened yesterday by another poster has disappeared from the forums so someone is alive. 

All the release notes needed was a clarification on the risk/nature of the security issue so users could make a decision as to whether it needed to be patched immediately or could wait.
1
Tim Uzzanti Replied
2/22/2021 at 12:42 PM
Employee Post Marked As Answer
The individual who posted the security concern this morning was emailed the moment we deleted it so we could discuss the issue and verify if it is a problem.  We don't leave anything in the community that COULD jeopardize  other customers. In addition. you have probably noticed how release notes are far less detailed for security related issues than Fixed, Changed, and Added.   
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Emergency 24x7 SupportGeneral Topics
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
The Importance of Language SelectionSmarterMail > Domain/User Configuration and Management
WHMCS Provisioning Module for SmarterMailUtilities and Conversion Tools
TLS 1.0/1.1 Deprecation InformationGeneral Topics