By default, MailMate has never auto-added S/MIME certificates to the keychain, but there was a hidden preference to do it (version 1.9.7) and later it also got a GUI setting (version 1.11), but the latter happened after fixing the issue in MailMate. The paper describes 3 issues labelled A1-A3:Ī1: This one is about S/MIME certificates. The mailto: paperĪs noted above then this paper is not the reason for the MailMate 1.13.2 update, but the paper does highlight some important issues and I’ll use this opportunity to go through them in relation to MailMate.įirst of all, the paper does not state the version of MailMate used for the tests and the public release of MailMate does not behave exactly as described in the paper. It’s the result of careless programming and a sad lack of proper testing. That may seem like vulgar language, but nothing less can match the embarrassment felt when discovering such an issue. The other type of security issue is what I can only phrase as “Sh*t-for-Brains” issues. I learn every time and, for example, I’m constantly thinking about security related issues while implementing the new message view. An advanced email client (like MailMate) is more likely to have such issues than a simple one, but I’m still somewhat embarrassed when I think I should have been more careful when implementing some specific feature.
#Mailmate 1m3 software
There’s the smart ones where someone cleverly combines email software features to reveal that something that seemed to be safe behavior really isn’t. Nevertheless, I’ll be reviewing the issues described in the paper in a section below.įrom my perspective as a developer, there are 2 basic types of security issues. Now, if you follow security related email news then you might have seen this paper, but it’s actually not the reason for this security update.
#Mailmate 1m3 update
I strongly recommend all users of S/MIME to update as soon as possible. The reason I’m releasing an update now is a security problem in version 1.13.1 (and some earlier releases). When it’s ready I’ll write a blog post about the many ways it works differently from the old one. The new message view is going to be both safer and far more flexible, but it’s not ready for a public release yet. Originally, this seemed like a good idea, but over the years it became apparent that it’s a horrible idea with all sorts of problems - including security issues. Since the first release of MailMate, this has been handled by a single interface element displaying a single HTML document.
Most importantly, I’m working on replacing the part of MailMate used to display emails. This is kind of a good thing, because the reason is that I’ve been working hard on replacing some parts of MailMate which were long overdue for a replacement. It has been quite a while since MailMate had a public update (December, 2019). The short version of this blog post: If you rely on using S/MIME in MailMate then make sure you have updated to version 1.13.2 (or later).
0 kommentar(er)
