Roundcube Community Forum
News and Announcements => News & Announcements => Topic started by: SKaero on April 09, 2017, 09:39:49 AM
-
We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.
- Fix vulnerability in handling of mail()’s 5th argument
- Fix XSS issue in href attribute on area tag
- Wash position:fixed style in HTML mail for better security
- Don’t create multipart/alternative messages with empty text/plain part
It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net/download (https://roundcube.net/download).
Please do backup before updating!
Source: https://roundcube.net/news/2017/04/06/update-1.0.10-released
Get it Now: https://roundcube.net/download