We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.
- Fix vulnerability in handling of mail()’s 5th argument
- Fix XSS issue in href attribute on area tag
- Wash position:fixed style in HTML mail for better security
- Don’t create multipart/alternative messages with empty text/plain part
It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from
roundcube.net/download.
Please do backup before updating!
Source:
https://roundcube.net/news/2017/04/06/update-1.0.10-releasedGet it Now:
https://roundcube.net/download