Roundcube Community Forum

 

Security updates 1.6.12 and 1.5.12 released

Started by SKaero, Today at 12:49:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

SKaero

Today at 12:49:12 AM
We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities.

Security fixes
  • Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
  • Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.12 and 1.5.12.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Source: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
Get it Now: https://roundcube.net/download
Print
Go Up Pages1
User actions