We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.
Included is a fix for a recently reported security issue when using PHP’s mail() function. It has been discovered by Robin Peraglie using RIPS
and more details along with a CVE number will be published shortly.
See the full changelog for 1.2.3 in the wiki
. Version 1.1.7 is a security update fixing the mail() issue and thus only relevant to Roundcube installations not having an SMTP server configured for mail delivery.
Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via roundcube.net/download
As usual, don’t forget to backup your data before updating!Source: https://roundcube.net/news/2016/11/28/updates-1.2.3-and-1.1.7-releasedGet it Now: https://roundcube.net/download