Roundcube Community Forum

News and Announcements => News & Announcements => Topic started by: SKaero on August 10, 2020, 04:35:52 PM

Title: Security updates 1.4.8, 1.3.15 and 1.2.12 released
Post by: SKaero on August 10, 2020, 04:35:52 PM
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain two recently reported cross-site scripting (XSS) vulnerabilities. The 1.4.8 release also contains a number of general improvements from our issue tracker.

Security fixes


Credits for these two findings go to Ɓukasz Pilorz from Pentesters (https://www.pentesters.pl/).

See the full changelogs in the release notes on the Github download pages for the updated versions 1.4.8 (https://github.com/roundcube/roundcubemail/releases/tag/1.4.8), 1.3.15 (https://github.com/roundcube/roundcubemail/releases/tag/1.3.15) and 1.2.12 (https://github.com/roundcube/roundcubemail/releases/tag/1.2.12).

We strongly recommend to update all productive installations of Roundcube with this new versions.

Source: https://roundcube.net/news/2020/08/10/security-updates-1.4.8-1.3.15-and-1.2.12
Get it Now: https://roundcube.net/download