We have just released an upgraded version of Ensignia, which fixes a serious security vulnerability discovered recently in the SquirrelMail core (CVE-2017-7692.) Due to lack of proper sanitizing of the uploaded attachments in SquirrelMail, it was possible to execute shell commands on the remote server. As you can imagine, this can be very dangerous.
The latest version of SquirrelMail fixes this problem. It also fixes a number of other issues and introduces some new options. Ensignia 6.5 that we have just released is based on the latest version of SquirrelMail core and it immune to the remote execution vulnerability.
If you’re running an older version of Ensignia, we strongly recommend that you upgrade to this latest release. If you choose not to upgrade, you’ll be leaving your server open to a security attack. Please see this document for the description of the CVE-2017-7692 bug.