Exim 4.99.4 security release

[unihostbrasil]

This is a security release. It addresses CVE-2026-48840 (pre-authentication information disclosure in the PROXY-protocol parser).

More details: https://www.exim.org/static/doc/security/EXIM-Security-2026-05-19.1.txt

 

[ccto]

It looks the default Exim, shipped by DirectAdmin (AlmaLinux 8 , AlmaLinux 9) , does not compile with SUPPORT_PROXY.
I hope we are not vulnerable.

 

[Ohm J]

This look like CVE when putting Exim behide the proxy, like using nginx as load balance and passthrough the traffic as PROXY.
But ours service not using that 99%, 1% might be some super hosting provdier that make load balance for sending mail with multi server/Location.