I am no longer using Squirrelmail so this repo is unmaintained. Squirrelmail has a known security flaw (CVE-2020-14933) for which my patchset only contains an incomplete fix. There's an open, unreviewed pull request that may help.
Patches for Squirrelmail
The development of Squirrelmail has been slow lately. No release happened for a long time, though some development still happens in the subversion repository.
I'm sharing a few patches here with the goal to:
- Fix known security issues.
- Avoid PHP warnings.
- Fix compatibility issues with the current PHP 7.3/7.4.
All these patches have been sent to the squirrelmail developer as well, so I hope this patch collection can be obsolete soon.
Each patch contains a brief explanation what it does.
Please apply these patches on top of a recent "Stable version snapshot (1.4.23-svn)" from
https://squirrelmail.org/download.php
Don't use squirrelmail 1.4.22. It contains several severe security vulnerabilities. Use a version after 2019-07-25 for the latest security fix (CVE-2019-12970).