0006213: SOGo 5.12.8 wrongly displays certain mail content containing = character - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0006213	SOGo	Web Mail	public	2026-05-20 10:39	2026-05-20 14:31

Reporter	wiene	Assigned To	qhivert
Priority	normal	Severity	major	Reproducibility	always
Status	assigned	Resolution	open

Summary	0006213: SOGo 5.12.8 wrongly displays certain mail content containing = character
Description	SOGo 5.12.8 wrongly displays certain mail content containing a = character. Here are a few examples: Example content 1: https://example.org/bla?institutioncode=123&id=1234 Example content 2: Monday=Start of the week In particular the fact that some URLs are broken can be quite disturbing (think of e. g. double opt-in links or password recovery links). I think this is a regression of the fix for CVE-2026-8496: https://github.com/Alinto/sogo/commit/67ce01ec2a1a7854d8e9f615dd65afb949043e86.
Steps To Reproduce	Send emails with contents above and view those mails in SOGo.
Tags	No tags attached.

qhivert 2026-05-20 14:09 administrator ~0018476	Hello, yes you're very right. I've already made a fix yesterday available with the last nightly. Could you try it and check that this is indeed fixed?

wiene 2026-05-20 14:27 reporter ~0018478	Many thanks! I can confirm that the issue is fixed in 5.12.8.20260520-1. I suppose that it is this commit that fixes the issue: https://github.com/Alinto/sogo/commit/c45233c11e250a22fa1e1f3e47fee2d6e232045b Is that correct?

qhivert 2026-05-20 14:31 administrator ~0018479	Yes! We're reviewing all regression reported and we will make a 5.12.9 soon enough.

Date Modified	Username	Field	Change
2026-05-20 10:39	wiene	New Issue
2026-05-20 14:09	qhivert	Note Added: 0018476
2026-05-20 14:09	qhivert	Assigned To	=> qhivert
2026-05-20 14:09	qhivert	Status	new => feedback
2026-05-20 14:27	wiene	Note Added: 0018478
2026-05-20 14:27	wiene	Status	feedback => assigned
2026-05-20 14:31	qhivert	Note Added: 0018479