[RCD] Security updates 1.2.5, 1.1.9 and 1.0.11 released

Thomas Bruederli thomas at roundcube.net
Fri Apr 28 11:21:44 CEST 2017


Dear subscribers

We just published updates to all stable versions 1.x delivering important
bug fixes and improvements which we picked from the upstream branch.

The updates primarily fix a recently discovered vulnerability in the
virtualmin and sasl drivers of the password plugin (CVE-2017-8114). More
details about this vulnerability will be published soon by the reporter.
Security-wise the update is therefore only relevant for those installations
of Roundcube using the password plugin with either one of these drivers.

See the full changelog for the according version in the release notes on
the Github download pages:

https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
https://github.com/roundcube/roundcubemail/releases/tag/1.0.11

All versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.

As usual, don’t forget to backup your data before updating!

Kind regards,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20170428/7a568adf/attachment.html>


More information about the dev mailing list