Dear customers,

iRedAdmin-Pro-MySQL-1.2.0 (AKA iRedAdmin-Pro for OpenLDAP backend) is now available for your upgrading and purchasing. All customers should already received an email with download link before 2011-06-12, if you didn't receive any email from iRedMail project, please help check your Spam/Junk folder first, or mail to support @ iredmail.org and ask for one.

Important Note

This release fixes some possible XSS vulnerabilities, and add XSRF protection to harden web security, please upgrade it AS-SOON-AS-POSSIBLE.

If you have old iRedAdmin-Pro installed, upgrade tutorials are ready for your use. Upgrading from previous version is pretty simple: uncompress source tarball, set file permission, copy config file from old version, restarting apache web server. That's all.

• Demo site is available here: http://www.iredmail.org/admin_demo.html

• Purchase now: http://www.iredmail.org/admin_buy.html

##################################
# What's new in v1.6.0
#

Improvements

• CSRF protect. Reference: Cross-Site Request Forgery

• Able to delete all admin logs with one click.

• Add 'shadowLastChange=0' for newly created mail user.

Fixed Issues

• Cannot view quarantined VIRUS mails. Thanks beez@forum <jason@indo...id>.

• Cannot remove object under ou=Externals while deleting mail list.

• Incorrect links of pages in per-user and per-domain activity list.

• Can't add sub-domain users as external member of mail list. Thanks Silviu Romonti <silviu.romonti@>.

• Allow to use domain names which end with 2-6 chars. Thanks Julian P. <@consistency.at>.

• Some possible XSS vulnerabilities.

Feedback, suggestions, feature requests are always welcome.