Mercury/32 v4.52 / Mercury/NLM v1.49, August 2007

Mercury/32 v4.52 / Mercury/NLM v1.49, August 2007

Mercury/32 v4.52 is a security patch release, addressing a serious weakness in the MercuryS SMTP server (specifically, a buffer overflow vulnerability in the way the server processes the AUTH command). All v4.x versions of Mercury earlier than v4.51 are vulnerable to this exploit, and users should regard the upgrade to v4.52 as mandatory. V4.52 also fixes and extends the "Save attachment to file" filtering rule action (the "Set" button now works correctly, and you can now specify either a filename or a directory as the destination for the rule), and corrects a problem in the IMAP server where attempts to create folders using characters outside the supported character set might cause crashes. Please click here to go to the download pages and retrieve v4.52. A patched version of MercuryS suitable for use in Mercury v4.01b systems is available here for sites who do not wish to upgrade to v4.5, but we strongly urge making the move to v4.5 as soon as possible. Otherwise, the feature set for v4.52 is the same as for v4.51, the release information for which is shown below.

Finally, for those sites still running the NLM version of Mercury, we have produced a patch for the NLM version, which is available on our patches page.