We just published updates to both stable versions 1.0 and 1.1 after fixing many minor bugs and adding some security improvements to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from the more recent version to ensure proper long term support especially in regards of security and compatibility.
The security-related fixes in particular are:
- XSS vulnerability in _mbox argument
- security improvement in contact photo handling
- potential info disclosure from temp directory
See the full changelog here (http://trac.roundcube.net/wiki/Changelog).
Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from roundcube.net/download (https://roundcube.net/download).
As usual, don't forget to backup your data before updating!
And there's one more thing: please support our crowdfunding campaign for Roundcube Next (https://roundcu.be/next) either directly or by spreading the word about it. Your help is much appreciated!
Source: https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
Get it Now: http://roundcube.net/download
Support Roundcube Next: https://roundcu.be/next