Posts Tagged ‘Security’

Cross-site Scripting (XSS) issue in the Kolab Webclient?

Posted on: December 5th, 2023 by

Lately we got a lot of questions at Support about a possible vulnerability in Roundcube, the Kolab Now webclient. The listing in question is  CVE-2023-47272 which upstream in the Roundcube development has been handled and patched.

To see the version of Roundcube running as the Kolab now webclient, login and press the ‘About’ button in the left side of the screen. This will reveal that Kolab Now is running:

Roundcube Webmail 1.5.6.3-30.1

This tells, that the fix was already installed, and that the Kolab Now webclient is not impacted by the vulnerability.

We are thankful for having an observant and active user base.

 

Announcing Service Window: The death of old infrastructure..

Posted on: January 13th, 2023 by

On Friday, 20th of January 2023 at 09:00 UTC, the Kolab Now operations team will perform maintenance on the infrastructure of the Kolab Now platform.  The update will move a part of the backend services to newer infrastructure. The updates will bring more stability and better manageability to the backoffice systems. No new features visible to end users will be enabled during this maintenance.

The service window is expected to last for no more than 4 hours, ending on Friday, 20th of January 2023, at 13:00 UTC.

> Continue Reading

The Annual Certificate Refresh

Posted on: January 2nd, 2023 by

Another year past and we needed to again refresh our certificates.

As in previous years, e.g. 2018, 2019, 2020, etc, we rolled over certificates across all systems over the last few days of the year.

The new certificate is in place, and applies to https://kolabnow.com/, imaps://imap.kolabnow.com and smtps://smtp.kolabnow.com.

As in previous years, we publish the fingerprint here:

SHA-256:

FA:2A:BF:A9:F8:FA:67:E7:7B:0D:B2:2C:C2:F2:8B:F8:30:4C:77:84:55:38:02:B4:DD:66:7F:DA:F4:C7:DC:49

SHA-1:

B6:FE:BF:F6:3A:17:CD:E4:2D:02:7F:AF:C9:EF:0C:45:32:F9:0A:3B

 

The Annual Certificate Refresh

Posted on: December 28th, 2021 by

Another year past and we needed to again refresh our certificates.

> Continue Reading

Our Statistics for 2020

Posted on: January 15th, 2021 by

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here’s our statistics for 2020.

> Continue Reading

Bleib sicher Zuhause mit Kolab Now

Posted on: March 22nd, 2020 by

Kolab Now unterstützt alle, die auf Homeoffice nicht vorbereitet sind, indem wir unseren Service für die Dauer der Krise gratis zur Verfügung stellen.

Email, Kalender, Office-Dokumente und mehr, helfen Ihnen Ihre Arbeitsabläufe auch Zuhause aufrecht zu erhalten.

Registriere dich jetzt mit dem Voucher Code KOLABFROMHOMENOW.

Dieses Angebot werden wir so lange wie möglich aufrechterhalten und nachdem sich die Lage beruhigt hat wieder entfernen.

Stay Safe at Home with Kolab Now

Posted on: March 16th, 2020 by

Authorities and experts alike tell us physically staying at home is the safest thing to do for you and yours, and everyone else. Our experts want you to enjoy the same safety on the web.

We have decided to spread the burden and not the virus, and do the right thing by not opportunistically profiting off of our collective misery. We now provide a 100% discount to all new signups for as long as we can manage, or for as long as the crisis continues, whichever comes first. When things cool down, we’ll remove the discount.

> Continue Reading

Our Annual Certificate Refresh

Posted on: January 16th, 2020 by

Our annual certificate refresh is upon us.

> Continue Reading

Our statistics for 2019

Posted on: January 3rd, 2020 by

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened, and further down nested in our legal framework outline do we have a list of 3 general types under which individual requests could be filed.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here’s our statistics for 2019.

> Continue Reading

Security Incident: Involuntary Information Disclosure

Posted on: August 22nd, 2019 by

Earlier today, we have received a report where the web client may inadvertently disclose the so-called common name of accounts within the same domain name space.

> Continue Reading