New Appliance Release 15.0.3

A new SEPPmail Appliance release has been published.
With this release we closed another batch of the ETH Zurich findings (CVEs pending):

• High: S/MIME Signature Additional Certificate
• High: Bounded Subject Tag Sanitization
• High: Plaintext secure-mail.html
• High: S/MIME Decryption Impersonation
• High: Unicode Subject Tags
• High: GINA State Confusion Account Takeover
• Medium: PGP Decryption Recipient LDAP Injection
• Low: ESWmail-Verify Bypass
• Low: UID Regex Bypass
• Low: GINA Domain Switch
• Low: Webmail Password Tag Sanitization Bypass
• Low: CA Notification HTML Injection
• Low: Long Subject Untagging
• Low: PGP Decryption Sender LDAP Injection

and a possible path traversal found by Infoguard CVE-2026-2743

We also updated OpenBSD 7.7 to errata 23 and fixed a list of smaller issues.

Please see the revision history and the extended release notes for further details.