Hi all,
Anybody installed imp3.2.2 on version 6 or 5.3 yet?
There appears to be quite a large flaw in version 3.2.1 that is currently shipped.
"server is running IMP version 3.0, 3.1, 3.2, or 3.2.1. These versions are vulnerable to several cross-scripting attacks whereby an attacker can cause a victim to unknowingly run arbitrary Javascript code simply by reading an HTML message from the attacker."
Cheers,
Peter