Hi Arthur, Arthur Furlan ha scritto: > I fixed these issues adding a new method in the Auth class (see > Auth.php.patch) that destroys the any session for an user, both in php > *and* database. To fix the issue [1] I added a call of this new method
Thank you for your bug report, I've committed your patch. However I will ask upstream to try to patch atmailopen and do not store clear password in the database. Cheers, Giuseppe
signature.asc
Description: OpenPGP digital signature