1
News & Announcements / Security updates 1.6.7 and 1.5.7 released
« Last post by SKaero on Today at 09:10:46 AM »We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported security vulnerabilities.
Security fixes
We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.
Source: https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7
Get it Now: https://roundcube.net/download
Security fixes
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Credits for this finding to Valentin T. and Lutz Wolf of CrowdStrike.
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. Credits for this finding to Huy Nguyễn Phạm Nhật.
- Fix command injection via crafted im_convert_path/im_identify_path on Windows. Credits for this finding to Huy Nguyễn Phạm Nhật.
We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.
Source: https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7
Get it Now: https://roundcube.net/download