You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
runout-at edited this page Jun 12, 2026
·
4 revisions
General
As noted in #272 there might be security issues in this code. It was written as a helpful utility in 2004 and has had minimal changes since then. Very little effort went in at the time to protect it against various security attacks. While we do eventually fix security issues we become aware of, we aren't bound by any SLAs, so fixes don't always happen quickly.
Patches to fix security issues will be accepted as time permits, but the code (especially the admin panel) certainly needs an overhaul, and that will only happen if someone with enough time and motivation steps up. In fact, a potential replacement for our aged PHP admin panel already exists. Meet veximpy!
In short:
If you are considering VExim, we advise you to at least have a look at other similar solutions as well.
If you are already using VExim, please consider taking extra steps to secure it.
If you're interested in contributing a rewrite, or participating in one, let us know
And of course, pull requests with bugfixes are always welcome!
It might be unsafe for some software to use NULL-values or empty passwords or hashes. If this is used in a setup by intention the admin of this is responsible to do it in a safe way.