Roundcube Community Forum

News and Announcements => News & Announcements => Topic started by: SKaero on July 09, 2020, 09:39:09 AM

Title: Security updates 1.4.7, 1.3.14 and 1.2.11 released
Post by: SKaero on July 09, 2020, 09:39:09 AM: We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain a recently reported cross-site scripting (XSS) vulnerability. The 1.4.7 release also contains a number of general improvements from our issue tracker.

Security fix
Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace. Credits for this finding go to SSD Secure Disclosure (https://ssd-disclosure.com/).

See the full changelogs in the release notes on the Github download pages for the updated versions 1.4.7 (https://github.com/roundcube/roundcubemail/releases/tag/1.4.7), 1.3.14 (https://github.com/roundcube/roundcubemail/releases/tag/1.3.14) and 1.2.11 (https://github.com/roundcube/roundcubemail/releases/tag/1.2.11).

We strongly recommend to update all productive installations of Roundcube with this new versions.

Source: https://roundcube.net/news/2020/07/05/security-updates-1.4.7-1.3.14-and-1.2.11
Get it Now: https://roundcube.net/download

SMF 2.0.19 | SMF © 2021, Simple Machines