NOTE: If you're looking to contact us regarding spam
supposedly sent by SquirrelMail, please read
this explanation of why we
are not related to this scam.
If you want to contact us regarding your lost password,
not being able to login or other problems with your
mail account, please go our end user
The SquirrelMail Project takes security very seriously. If you think
you've discovered a security-related issue in SquirrelMail, please contact
us directly at security-2012 <at> squirrelmail.org.
We will do our best to work with you towards a solution as quickly as possible
and will of course give all credit where it's due.
Below you will find a list with known issues in past SquirrelMail versions.
A legend of the columns is below the table.
The column RG indicates whether the vulnerability only applies to systems that
have the PHP register_globals setting turned On, something that is highly discouraged
by both PHP and the SquirrelMail team.
CVE IDs are used for cross-referencing security issues between distributions.
This page only lists known issues since the start of the 1.4.0 Stable series.