DirectAdmin Support
11-30-2009, 09:45 PM
Hello,
This is a notice that effective immediately, we will not include Uebimiau in our default installs of DirectAdmin. It has been changed to be an install-time option, so you can still use it if you wish.
The reasoning is that several unresolved vulnerabilities have been reported to us. Since the project seems to be discontinued, we can't forsee any of these numerous issues being resolved in a timely manner, thus we can no longer include it by default.
For anyone who wishes to install it anyway (at your own risk), you can still do so by either running:
cd /usr/local/directadmin/scripts
./webmail.shor by setting
uebimiau=yesin your options.conf and running
./build uebimiaufrom your custombuild directory.
For anyone currently running Uebimiau (/webmail), we recommend either removing it, or at least disabling it.
cd /var/www/html
chmod 0 webmail
mv webmail webmail.disabledDisabling with this command is a good option, in the event that someday, the project comes back to life and the issues are repaired, as there is user-data in /var/www/html/webmail/tmp. Renaming it to the webmail.disabled is done to hide the link for it within DA.
If you're running custombuild, don't forget to set:
uebimiau=noin your options.conf so auto-updates (if you're using them) don't reinstall it.
You may want to give ample notice to your Users in case they have emails in their Uebimiau folders, as Uebimiau uses it's own internal storage system, and has it's own proprietary folders that can only be accessed by Uebimiau.
Thanks to tillo for finding these vulnerabilities and reporting them. Note that I won't be publishing them here because we don't want to give anyone any ideas for using them. The list of vulnerabilities is also apparently quite long, which is a factor in assuming that they won't be all fixed in a timely manner, if ever. Note that the project has been picked up and renamed to T-dah (http://www.tdah.us), but tillo informs me that their version has many/most of the same issues as Uebimiau.
If the project does resolve all of the issues, we will consider reinstating it.
Any updates of DirectAdmin will not be removing this software for you, if you already have it.
If you wish to remove it, it must actively be done by the server admin.
John
This is a notice that effective immediately, we will not include Uebimiau in our default installs of DirectAdmin. It has been changed to be an install-time option, so you can still use it if you wish.
The reasoning is that several unresolved vulnerabilities have been reported to us. Since the project seems to be discontinued, we can't forsee any of these numerous issues being resolved in a timely manner, thus we can no longer include it by default.
For anyone who wishes to install it anyway (at your own risk), you can still do so by either running:
cd /usr/local/directadmin/scripts
./webmail.shor by setting
uebimiau=yesin your options.conf and running
./build uebimiaufrom your custombuild directory.
For anyone currently running Uebimiau (/webmail), we recommend either removing it, or at least disabling it.
cd /var/www/html
chmod 0 webmail
mv webmail webmail.disabledDisabling with this command is a good option, in the event that someday, the project comes back to life and the issues are repaired, as there is user-data in /var/www/html/webmail/tmp. Renaming it to the webmail.disabled is done to hide the link for it within DA.
If you're running custombuild, don't forget to set:
uebimiau=noin your options.conf so auto-updates (if you're using them) don't reinstall it.
You may want to give ample notice to your Users in case they have emails in their Uebimiau folders, as Uebimiau uses it's own internal storage system, and has it's own proprietary folders that can only be accessed by Uebimiau.
Thanks to tillo for finding these vulnerabilities and reporting them. Note that I won't be publishing them here because we don't want to give anyone any ideas for using them. The list of vulnerabilities is also apparently quite long, which is a factor in assuming that they won't be all fixed in a timely manner, if ever. Note that the project has been picked up and renamed to T-dah (http://www.tdah.us), but tillo informs me that their version has many/most of the same issues as Uebimiau.
If the project does resolve all of the issues, we will consider reinstating it.
Any updates of DirectAdmin will not be removing this software for you, if you already have it.
If you wish to remove it, it must actively be done by the server admin.
John