Hastymail2
Hastymail2 is an Open Source IMAP webmail client written in PHP. Our focus is compliance, usability, security, and speed.
Security
When the new Hastymail code is released, this page will be a source of any security-related updates or information. Application security is extremely important to us, so if you have any questions or comments, please let us know. We support full disclosure of security issues; however, if you find one in Hastymail, please let us know before anything is disclosed to the public. This way we can build a fix and inform our users. We will work with and credit anyone who brings security issues to our attention.
Hastymail2 RC 8, released December 6, 2009, contains several security-specific updates worth mentioning. These were introduced proactively and are not in response to any known security vulnerabilities.
- The IMAP class has a new validation layer that examines IMAP commands that could contain possibly dangerous input and raises a fatal error if anything suspicious is found.
- The SMTP class has a similar validation layer that protects against possible command injection attacks.
- Session cookies now use both the secure cookie flag (when using HTTPS) and a specific cookie path to limit any undue exposure to sensitive information.
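
The checks these three items describe can look like the following in PHP. This is an added example, not Hastymail2's own code; the function names are hypothetical, and the array form of `session_set_cookie_params()` requires PHP 7.3 or later.

```php
<?php
// Added illustration; these function names are hypothetical, not Hastymail2's API.

/** SMTP and IMAP commands end at CRLF, so CR, LF and NUL never belong in one argument. */
function assert_single_line(string $value, string $label): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        // Fail closed instead of trying to clean the value up.
        throw new InvalidArgumentException("Suspicious input in $label");
    }
    return $value;
}

/** Build an SMTP RCPT TO line from a validated address. */
function smtp_rcpt_command(string $address): string
{
    $address = assert_single_line($address, 'SMTP recipient');
    if (strpbrk($address, '<> ') !== false) {
        // These would break out of the <...> path or add extra parameters.
        throw new InvalidArgumentException('Suspicious input in SMTP recipient');
    }
    return "RCPT TO:<$address>\r\n";
}

/** Build an IMAP SELECT line with the mailbox sent as a quoted string. */
function imap_select_command(string $tag, string $mailbox): string
{
    $mailbox = assert_single_line($mailbox, 'IMAP mailbox');
    // Backslash and double quote must be escaped inside an IMAP quoted string.
    $quoted = strtr($mailbox, ['\\' => '\\\\', '"' => '\\"']);
    return "$tag SELECT \"$quoted\"\r\n";
}

/** Session cookie limited to the application path and marked secure under HTTPS. */
function start_scoped_session(string $app_path): void
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(['path' => $app_path, 'secure' => $https]);
    session_start();
}

// Constructed inputs: one ordinary value and one carrying an embedded CRLF.
echo imap_select_command('A001', 'Sent "2009"');
try {
    echo smtp_rcpt_command("user@example.org\r\nRSET");
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

In a web request, `start_scoped_session()` would be called with the application's URL path before any output is sent.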
Security-related inquiries can be sent to:
jason [at] hastymail [dot] org
or you can use the contact page to send us a message.