bump smarty to 4.5.3 (the smarty release is regarded as a security fix ( CVE-2024-35226 ). PostfixAdmin should not be vulnerable as it does not use the extends tag.

lib/smarty/libs/plugins/modifiercompiler.count_characters.php

@@ -25,8 +25,8 @@ function smarty_modifiercompiler_count_characters($params)
         return 'preg_match_all(\'/[^\s]/' . Smarty::$_UTF8_MODIFIER . '\',' . $params[ 0 ] . ', $tmp)';
     }
     if (Smarty::$_MBSTRING) {
-        return 'mb_strlen(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')';
+        return 'mb_strlen((string) ' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')';
     }
     // no MBString fallback
-    return 'strlen(' . $params[ 0 ] . ')';
+    return 'strlen((string) ' . $params[ 0 ] . ')';
 }