5
SM 7719 - Security fix criticality?
Question asked by Nathan - 2/19/2021 at 2:12 PM
Answered
Does anyone know how critical the security fix in build 7719 (released yesterday) is?

15 Replies

2
Patrick Mattson Replied
I was planning to upgrade tonight, would like to know this.

Realized after a customer complaint attachments were being truncated, it is apparently a known bug. Hoping this is a fairly stable version.
0
Alessandro Pereira Replied
+1
0
Jade D Replied
Busy searching through my emails now to see if there was a notice sent out by SmarterTools regarding the patch release.

Did any of you receive a notice? One would expect this, considering the update includes a security fix.
Jade https://absolutehosting.co.za
0
Nathan Replied
Patrick, did you deploy the update last night and are there any issues with it?
2
Patrick Mattson Replied
I updated early this morning I am currently running 7719 (February 18, 2021).

So far my simple tests have been fine. At this point RAM seems to be down a bit. My fun usually does not start until Monday morning, when I find out if anything broke. I will continue to test this weekend and let you know.

I have heard of some people having issues with high CPU and Memory usage.

At this point CPU and memory usage:
2/14/2021    12%    8.8GB (Build 7669 (Dec 30, 2020))
2/17/2021    16%    5.1GB (Build 7669 (Dec 30, 2020)) 
2/20/2021    13%    2.7GB (Build 7719 (February 18, 2021)) (installed about 8 hours ago)

From the Server Health for today only:
CPU: 13.38%    Memory: 17.25%

Past experience tells me something will be broken, the mystery is what.
0
Nathan Replied
Thanks Patrick, I appreciate the time taken to post.
0
Ron Raley Replied
This update caused a ton of italic folders to be displayed in Thunderbird IMAP for accounts that have connected using Outlook MAPI.

The folders are invisible in Outlook.

I don't know if this is supposed to be.
1
Nathan Replied
Not encountered the folder issue following upgrading but Google suggests it is a Thunderbird issue rather than necessarily SmarterMail.
1
Sébastien Riccio Replied
It would indeed be useful to know what this security issue was so we can inspect our system to know if it was exploited somehow.

On another side I understand that it's not a good idea to publicly reveal the exploit because it would help some as**oles people to exploit it on unpatched systems.

The only hint about the issue is that it seems it was also affecting SmarterTrack, as there is a big red IMPORTANT warning in the changelog about a security vulnerability.

Who knows, maybe it will appear someday in the CVE database.

Sébastien Riccio System & Network Admin https://swisscenter.com
0
Stefano Replied
I would like to upgrade my SM server, but I would like to be sure that I won't have any undesired bugs with this installation.
Has anyone seen any, or is everything OK?
Thanks
1
Sébastien Riccio Replied
So far no new issues since last update, but as it's the weekend the real live test is on Monday, when people are back to work.
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Ron Raley Replied
"Thunderbird Phantom Folders"

I use Mozilla Thunderbird every day and just read that is what these are called.

The newest SmarterMail release added about 15 folders to each of my accounts in Thunderbird.

Users are unlikely to experience this issue because they use Outlook or another email client. Not both, like me.

The folders will not present themselves until a MAPI connection is established.

Honestly, I'm not too worried about it.
0
Rod Strumbel Replied
The last notice I have for updates is version 7699, nothing at all since then.
1
Nathan Replied
Although it has been quiet, unless I am mistaken the 'vulnerability' thread opened yesterday by another poster has disappeared from the forums so someone is alive. 

All the release notes needed was a clarification on the risk/nature of the security issue so users could make a decision as to whether it needed to be patched immediately or could wait.
1
Tim Uzzanti Replied
Employee Post Marked As Answer
The individual who posted the security concern this morning was emailed the moment we deleted it so we could discuss the issue and verify if it is a problem. We don't leave anything in the community that COULD jeopardize other customers. In addition, you have probably noticed how release notes are far less detailed for security related issues than Fixed, Changed, and Added.


Tim Uzzanti CEO SmarterTools Inc. (877) 357-6278 www.smartertools.com
