Channel: IceWarp Support

Vulnerabilities in IceWarp Server 10.4.5

We were recently notified of vulnerabilities in IceWarp Server 10.4.5. There are 2 types of potential issues:

1. The more problematic one (but quite difficult to misuse) is in the html/rpc scripts: a potential attacker may obtain the content of a file on the server, provided that they know the path to that file.

2. Cross-site scripting (XSS) in the WebClient Tablet interface and in the public calendar (html/webmail/calendar). This one has a smaller impact, as a potential attacker would have to send a malformed URL pointing to webmail, and that URL would execute some JavaScript code only if the user opens it.

Workaround
Customers who already run IceWarp Server 10.4.5 may simply extract the following patch over the [icewarp]/html folder to replace the problematic scripts: http://www.icewarp.com/download/patches/10.4.5/html.zip
Customers on older versions are strongly advised to upgrade to IceWarp Server 10.4.5-1; the installers at http://www.icewarp.com/downloads/ have already been repacked with the patched scripts.
