Exim4U version 1.2.3 - Critical Security Release


Gordon Dickens
Hello Everybody,

Exim4U version 1.2.3 was released today.  This release is a critical
security release. As such, all Exim4U installations should immediately
be upgraded to version 1.2.3.  This release addresses several security
vulnerabilities in Exim4U v1.2.2 that were inherited from the base Vexim
2.2.1 PHP code.  Exim4U version 1.2.3 may be downloaded from here:


A summary of the changes and enhancements in version 1.2.3 may be
reviewed here:


Instructions for upgrading Exim4U version 1.2.2 to 1.2.3 are included in
the change log here:


The security vulnerabilities were identified by Mike Garratt who also
provided guidance in fixing the identified issues as well as personally
correcting many of the weaknesses himself.  Mike also backported
all of the security fixes to Vexim 2.2.1 and has forwarded the revised
Vexim code to Avleen Vig who has agreed to publish a new Vexim release
shortly, which will incorporate these security fixes.  Thanks to Mike
for all of his efforts in behalf of the Exim4U and Vexim communities!

The backported Vexim version is available in the Exim4U downloads
directory at:


The Vexim file name is: vexim_2.2.1_php_security_update-unsupported.tar.gz

The backported Vexim version may be downloaded directly from:


We urgently recommend that all Exim4U and Vexim users immediately
implement Apache .htaccess authentication protection for all
installations until you are able to implement these security fixes. We
also recommend that you consider retaining the .htaccess authentication
for additional protection even after implementing the fixes. See:


Exim4U is an open source derivative work of Virtual Exim (Vexim).

Visit the website at:


Exim4U Feature Comparison:


Product Brochure:



Gordon Dickens