Double security release: BlueMind 3.5.6-2 and 3.0.41

BlueMind 3.5.6-2 and BlueMind 3.0.41 are security releases. We strongly suggest you upgrade your installation.


Upgrade is performed with the bm-setup-wizard tool if you have a BlueMind subscription. You have to migrate your data manually otherwise.

Changelog HotFix 3.5.6-2

  • FACTORFX-35 Fix: PST migration, default contact folder not found
  • BM-12291 Fix: event date auto-pick according to attendees free-busy status
  • UDL-165 Fix: Thunderbird “empty” after extended inactivity
  • BM-12344 Fix: handle cyrus slow startup
  • BM-11962 Impr: introduce 2 roles to manage backup&restore
  • BM-11962 Impr: make dataprotect navigation available to domain administrator
  • BM-12294 Fix: keep attendees participations when adding a resource to a meeting
  • BM-12375 Fix: random MAPI_E_OBJECT_CHANGED error when saving a meeting in Outlook
  • BM-12350 Fix: subscription to “default” addressbook is mandatory in settings
  • BM-12368 Fix: do not attempt to sync offline calendars
  • BM-12142 Fix: access to user mail identities even if all are not manageable by admin for organizational unit management
  • GLAG-187 Fix: limit calendar result size to prevent loading issues
  • BM-12394 Fix: do not redirect to /login/index.html when auth failed on /login/native
  • BM-12409 Security fix: invalid ACLs for some users
  • COAX-418 Fix: corrupted folder hierarchy causes iphone sync error
  • BM-12418 Security fix: check canonical path in settings file inclusion
  • BM-12419 Security fix: prevent arbitrary url forging
  • BM-12408 Fix: protect timezone registry from timezone “injection”

Changelog 3.0.41


  • CLERCO-48 Fix: forbid relative path access through URL tampering

Mobile devices

  • TLIB-529 Fix: prevent phone loop when trying to sync a folder that does not exist anymore
  • TLIB-529 Imp: server memory usage and performance improvements

Outlook connector

  • COAX-399 Fix: modify a meeting in a writable synchronized calendar
  • COAX-407 Fix: let server determine particiation status of attendees when creating a meeting

We wish you a pleasant install/upgrade!