SOGo v5.12.5 released

March 4, 2026

The Alinto team is pleased to announce the immediate availability of SOGo v5.12.5. This is a minor release of SOGo with bug fixes.

New OS support: Debian Trixie 13

• Mind that we didn’t have many feedbacks on this build, be sure to test it before! You’ll find a dockerfile example here
• The packages are on our second repo https://packagingv2.sogo.nu/. See the Download Page for instructions

Several vulnerability fixes

Thanks to the community to find them and report them. If it happens, you can send a mail to bugs@sogo.nu.

• vulnerability: prevent javascript injection with hint query (e821b20)
• vulnerability: prevent sogo to execute scripts in theme query (16ab99e)
• vulnerability: prevent xss with events, tasks and contacts categories (e9b3f2a)
• vulnerability: properly change the totp code after disabling it (83d4c52)

Bug Fixes

• contact: research with two dots like Ä now works
• db: increase some column size for new databases (f8638a3)
• encryptedUrl: fix cache key data and expect uncrypted name for freebusy (95efe73)
• event: also add jitsi url in the location as outlook doesn’t support attach url (7876013)
• identity: fix signature when changing identity (71d865b)
• login: prevent user search for login keyword (6f91600)
• Mail: correctly update quota when refreshing (af984f5)
• mail: use the correct replyTo when set to a non*default identity (03fa91d)
• minsearch: fix instance of minsearch (d7e5165)
• tool: rename-user properly change data in c_defaults and c_settings (d69f55c)
• trad: typo in a translation key (e2b8494)
• ui: prevent UI to search for users with empty string (389e8e6)

SOGo 6

A big thank you to the community for their patience regarding SOGo 6 and SOGo 5! You can see the last news about SOGo 6 here

See the closed tickets for this release and the complete change log.