SecurityGateway 11.0.3 Security Update: Fixes Blank Password Login and SMTP Auth Bypass

SecurityGateway 11.0.3 - 2025-10-07 Fixes: - [28928] Fix for missing CRLF before added Content-Transfer-Encoding header after applying a disclaimer. - [28938] Fix for a user being able to log in with a blank password when no local password is defined in the database. - [28908] Fix for a potential crash during archive store backup. - [28912] Fix for when the ClamAV engine is manually disabled, it cannot be re-enabled; the message "ClamAV 1.4 is not compatible with Windows Server 2008 R2 or Windows 7." is displayed even on newer operating systems. SecurityGateway 11.0.2 - 2025-08-26 Fixes: - [28874] Fix for securitygateway.exe process hanging when changing the value of the "Setup/Users - [28856] Fix for DNS lookups for hostnames failing if the case of the query does not match the case of the returned record name. SecurityGateway 11.0.0 - 2025-06-23 Special Considerations: - [28723] Fix for clamd.conf file being over-written by the installer. SecurityGateway 11.0.0 - 2025-06-23 Fixes: - [28174] Fix for HTTP: wildcard SSL certificate returned instead of certificate that exactly matches the domain of the request. - [28517] Fix for Active HTTP sessions not being expired when a user is merged with another user. - [28635] Fix for applying a disclaimer (header/footer) potentially modifying message headers. - [28590] Fix for potential crash when downloading a message attachment from the web interface. - [28575] Fix for SMTP authentication allowing a local user to send as a user of another local domain when the "Authentication credentials must match those of the email sender" option is disabled.

Goal Reached Thanks to every supporter — we hit 100%!

SecurityGateway 11.0.3 Security Update: Fixes Blank Password Login and SMTP Auth Bypass