Critical Updates, Security Alerts, and Bulletins

This page is for announcements of critical security or bug fixes, software patch updates, security alerts, and bulletins. The information is updated when these changes are released.

MDaemon Email Server - Critical Update MD111424

Fix to MDaemon Email Server and MDaemon Webmail Vulnerablities

Updated November 14, 2024

Summary
A vulnerability for cross-site scripting (XSS) was reported and has been addressed.

Affected Software
All supported versions of MDaemon Email Server, 20.0.0 through 24.5.0. We recommend that administrators download and install the applicable version found below to address the issue. Although no longer supported, versions older than 20.0.0 are also affected. It is highly recommended that all MDaemon Email Server customers running a non-supported version renew their license and upgrade to a supported and applicable version* (from the list below) to receive the latest security and software features.

There are no known issues that customers may experience when downloading the update.

NOTE:  This update includes all changes that were released in Critical Update MD062923. Click for additional details.

MDaemon Email Server - Critical Update MD062923

Critical Update to MDaemon AntiVirus/AntiSpam Engine (MDaemon AntiVirus/AntiSpam licensed feature)

Updated September 26, 2023

Summary
This update addresses the following critical issue for MDaemon users:

Re-integration of Outbreak Protection (Recurrent Pattern Detection). Cyren's proprietary Outbreak Protection service was previously removed as a result of Cyren's insolvency and exit from the industry. That technology has been acquired by a new provider and is now re-licensed and integrated for use in MDaemon Email Server.

Affected Customers
Customers using the optional MDaemon AntiVirus/AntiSpam licensed feature must upgrade to the latest version of MDaemon Email Server for which they are licensed or using (from the list below) to ensure access to the latest variant of Malware Detection (antivirus engine) and the new Outbreak Protection (antispam). Older variants of these products may cease to function without notice. Additionally, it is highly recommended that all MDaemon Email Server customers upgrade to a current eligible version* (from the list below) to receive the latest security and software features.

Affected Software
The supported versions listed below have been tested and determined to be affected. We recommend that administrators download the appropriate version and language file listed below. MDaemon versions 23.5.x and higher are not affected.

There are no known issues that customers may experience when downloading the update.

32 and 64-bit Installers for Microsoft Windows

Select the version download link to see the file type and language options
Version in use * Critical Update Version (click to download)
MDaemon 24.5.0
MDaemon 24.0.x
MDaemon 23.5.x
MDaemon 23.0.x
MDaemon 22.0.x
MDaemon 21.5.x
MDaemon 21.0.x
MDaemon 20.x.x

* Critical updates are free for all users. Customers must download the software version file for which they are eligible (the paid version in use whether the license is current or expired). If a different/ineligible version is downloaded, that version will cease to work after 30 days. MDaemon Technologies recommends always using the current version to ensure you receive the latest security and software features.
Renew/Upgrade your MDaemon license    |    Download the current version of MDaemon    |    Supported Products

SecurityGateway for Email - Critical Update SG070523

Critical Update to SecurityGateway Antivirus/Antispam Engine

Updated November 7, 2023

Summary
This update addresses the following critical issue for all Security Gateway users:

Re-integration of Outbreak Protection (Recurrent Pattern Detection). Cyren's proprietary Outbreak Protection service was previously removed as a result of Cyren's insolvency and exit from the industry. That technology has been acquired by a new provider and is now re-licensed and integrated for use in Security Gateway for Email.

Affected Software
The versions listed below have been tested and determined to be affected. We recommend that administrators download the appropriate version and language file listed below.

There are no known issues that customers may experience when downloading the update.

64-bit Installer for Microsoft Windows

Select the version download link to see the file type and language options
Version in Use* Critical Update Version (click to download)
Security Gateway 9.0.x

* Critical updates are free for all users. Customers must download the software version file for which they are eligible (the paid version in use whether the license is current or expired). If a different/ineligible version is downloaded, that version will cease to work after 30 days. MDaemon Technologies recommends always using the current version to ensure you receive the latest security and software features.
Renew/Upgrade your Security Gateway license    |    Download the current version of Security Gateway    |    Supported Products