SmarterMail Release Notes

2026

Build 9526 (Jan 30, 2026)

  • Changed: Revised restrictions for file and folder name validation.
  • Fixed: [API] Users may be able to be impersonated by system administrators who do not have impersonation permissions.
  • Fixed: [HA] Password Reset CAPTCHA now works as expected.
  • Fixed: [HA] Refresh token fails length validation.
  • Fixed: A system administrator's password cannot be reset if they have 2FA enabled.
  • Fixed: Administrative logs indicate a password was successfully reset even when the reset failed.
  • Fixed: Birthdate showing wrong date with UTC +01:00 in Outlook (EAS) on Android.
  • Fixed: Multipart/alternative e-mails not rendering HTML correctly.
  • Fixed: POP Timing Attack on APOP MD5 Hash Comparison.
  • Security: Fixed a BIMI SSRF vulnerability.
  • Security: Fixed a scenario where CAPTCHA might not expire within alloted time.
  • Security: Fixed an issue where EWS can be used to spoof email addresses despite AuthMatch being set to email address.
  • Security: Fixed some API endpoints that had improper security scope
  • Security: Hardened JWT tokens.
  • Security: Hardened password reset tokens.
  • Security: Hardened Simpleauthcontroller.
  • Security: Removed Command Line Action from Routing Rules.
  • Security: Resolved a cross site issue with MAPI requests.

Build 9518 (Jan 22, 2026)

  • IMPORTANT: Critical security fixes. It is strongly recommended that all users update to this release.
  • Changed: Online Meetings need to support Authenticated Users' timezone IDs.
  • Changed: Redesigned the Diagnostics area, making it an actual page for system administrators, and including additional information.
  • Fixed: [HA] Translation error when blacklisting an IDS block.
  • Fixed: Blocked Domains modal has title "Blocked Senders".
  • Fixed: Mailing Lists do not validate the throttling card when adjusting Outbound Throttling.
  • Fixed: Newly created users can generate 'password encrypted is null' errors.

Build 9511 (Jan 15, 2026)

  • IMPORTANT: Critical security fixes.
  • Changed: "Block files without an extension" on Extension Blacklist for Uploads now includes email attachments.
  • Changed: About/checkup page now restricted to authorized (local network) IPs.
  • Changed: Update the "Someone muted you." toast in Online Meetings.
  • Removed: [API] System Admin -> CreatePrimarySystemAdmin.
  • Removed: [API] ValidateRemoteInstances as an API endpoint.
  • Fixed: [HA] Error proxying secure TCP sessions to the nodes.
  • Fixed: [HA] Unable to export whitelists from the security tab.
  • Fixed: Clicking on a task from the Calendar view opens a new task window instead of the task details.
  • Fixed: Creating a scheduled meeting that schedules an Online Meeting shows the Online Meeting start date with the UTC offset.
  • Fixed: It's possible to delete File Storage root folder which breaks File Storage.
  • Fixed: MailService.dll is being flagged as a false positive with VirusTotal.
  • Fixed: The REST API isn't setting a catch-all value when retrieving domain details for gateways.
  • Fixed: When a domain administrator changes a user's password, the administrator's 2FA application passwords are reset instead of the user's.

Build 9504 (Jan 8, 2026)

  • Added: Feature to prevent file uploads with no file extensions.
  • Changed: Added additional default file extensions to the Extension Blacklist for Uploads setting.
  • Changed: Redesigned file uploads across SmarterMail.
  • Changed: Updated and improved API documentation.
  • Fixed: [HA] [HUB] QC cluster failover shows Standby Node twice when activating.
  • Fixed: [HA] [HUB] Routing Rules and Gateways pages don't point to the proper Help pages.
  • Fixed: [HA] [HUB] The 'Notification Interval' values in Hub Notifications configuration area should be plural.
  • Fixed: [HA] ClamAV error message does not display correctly.
  • Fixed: [HA] ClamAV Setting Timeout Seconds does not reach the maximum value before giving an error.
  • Fixed: [HA] Profile image will not appear in the GAL.
  • Fixed: Client-side rules in Outlook are not being applied on message arrival.
  • Fixed: Content filter stores encoded folder names instead of Unicode folder names.
  • Fixed: Disposable Addresses added to Inbox are showing "undefined" for the folder name.
  • Fixed: Disposable Addresses for Drafts, Sent Items, and Scheduled folders don't display any buttons.
  • Fixed: Enable VRFY/EXPN notification text has a misspelling.
  • Fixed: Exception thrown when generating bounce message for specific sender email.
  • Fixed: File Storage URL is not changed with the update of the URL setting under the General option.
  • Fixed: Forwarding or replying to an external message from Outlook (MAPI) doesn't include the sender's email in the header for original message header.
  • Fixed: Image previews do not display properly in webmail chat.
  • Fixed: Importing Spam Settings (spamConfig.json) does not restore all the previous settings.
  • Fixed: MAIL FROM command (SMTP) accepting non-compliant addresses in some cases.
  • Fixed: Message count displays incorrectly when using French language in webmail.
  • Fixed: No validation when exceeding user throttling messages or bandwidth.
  • Fixed: Routing Rules initial selection of "Enable wildcards" fails to save on first save.
  • Fixed: Signatures do not display None or Domain options despite using them.
  • Fixed: Throttling logic is using the wrong settings to determine throttle action.
  • Fixed: Translation Error in File Storage for All Files.
  • Fixed: Turkish character rendering in the Move dialog is broken.
  • Fixed: Webmail isn't setting the correct font when composing a new message.
There are no release notes that match your search criteria.
Download All Release Notes