Advisory ID: 
SA-CONTRIB-2017-006
Vulnerability: 
Information Disclosure
Versions affected: 

Backdrop core is not affected. If you do not use the contributed SMTP Authentication Support module, there is nothing you need to do.

Description: 

This SMTP module enables you to send mail using a third party (non-system) mail service instead of the local system mailer included with Backdrop. When this module is in debugging mode, it will log privileged information.

Solution: 
  • If you use the smtp module for Backdrop CMS 1.x, upgrade to smtp 1.x-1.3.3
Reported By: 
Fixed By: 
Coordinated By: