<![CDATA[Rainloop 1.16 (current) has an unpatched security bug]]>As per https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes.

"The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published this week.

"When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links."

On Yunohost they recommend switching to Snappymail (already in the appstore): https://forum.yunohost.org/t/security-rainloop-suffers-a-security-bug/19579

]]>https://forum.cloudron.io/topic/6858/rainloop-1-16-current-has-an-unpatched-security-bugRSS for NodeThu, 11 Jun 2026 07:37:29 GMTFri, 22 Apr 2022 22:11:44 GMT60<![CDATA[Reply to Rainloop 1.16 (current) has an unpatched security bug on Sun, 24 Apr 2022 20:18:34 GMT]]>I have pushed a new package with the patch.

]]>https://forum.cloudron.io/post/46578https://forum.cloudron.io/post/46578Sun, 24 Apr 2022 20:18:34 GMT<![CDATA[Reply to Rainloop 1.16 (current) has an unpatched security bug on Sun, 24 Apr 2022 19:17:48 GMT]]>@necrevistonnezr thanks for reporting. Making a new package with the patch at https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw

]]>https://forum.cloudron.io/post/46574https://forum.cloudron.io/post/46574Sun, 24 Apr 2022 19:17:48 GMT