Roundcube Community Forum

News and Announcements => News & Announcements => Topic started by: SKaero on March 05, 2021, 05:51:54 PM

Title: Security update 1.4.11
Post by: SKaero on March 05, 2021, 05:51:54 PM
We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker.

Security fix
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits for this finding go to Mateusz Szymaniec (CERT Polska).

See the full changelog in the release notes ( on the Github download page.

This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from (

Please do backup your data before updating!

Get it Now: