About Download News Community support Premium support FAQ Partner Github
About Download News Community support Premium support FAQ Partner

SAML Vulnerability
June 1, 2021

2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009

With the recent vulnerability found in the Lasso library (CVE-2021-28091), which SOGo uses to do SAML-based authentication, we urge you to either disable SAML authentication or temporarily disable the SOGo service until updated packages are available for your operating system of choice and until we release SOGo v5.1.1 and v2.4.1.

SOGo has its own vulnerability regarding the Lasso usage (CVE-2021-33054) and we will provide updated SOGo packages in about two hours to fix this.

If you are NOT using SAML authentication, you are not affected by this bug nor you need to upgrade.

In order to have the full fix for these issues, you must update the Lasso to v2.7.0 or later and update the SOGo packages. You should also invalidate all current user sessions.

Back to 2021
Sitemap
About
Overview Why SOGo Features
Download
Backend Frontends ZEG
News
Community support
Premium support
FAQ
Partner
Development
Developed by
Subscribe to our newsletter
It will be possible to unsubscribe at all times.