Hello,

our university uses a security scanner to check for outdated and
insecure software.
The scanner recently noticed, that squirrel mail was vulnerable for
CVE-2017-7692.
According to your Changelog, this CVE has been fixed on April, 25.

The security scanner has not been able to recognize, that you fixed the CVE,
because it can only check the Version string of squirrelmail.

Is it possible, that you increase the minor Version each time a CVE is
fixed,
so security scanners will be able to detect, if a version is installed,
where the CVE is fixed?

Sincerly

Frank Knoben

RWTH Aachen
Germany


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-***@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users