[RCU] Security updates 1.4.7, 1.3.14 and 1.2.11 released

Thomas Bruederli thomas at roundcube.net
Sun Jul 5 22:42:58 CEST 2020

Dear subscribers

We just published security updates to the stable version 1.4 and the LTS
versions 1.3 and 1.2 of Roundcube Webmail.
They all contain a recently reported cross-site scripting (XSS)
vulnerability via HTML messages with malicious svg/namespace.
Credits for this finding go to SSD Secure Disclosure [1].

The 1.4.7 release also contains a number of general improvements from our
issue tracker.
See the full changelog in the release notes on the Github download page [2].

We strongly recommend to update all productive installations of Roundcube
with these new versions.
Download the latest tarballs from https://roundcube.net/download

Alec & Thomas

[1] https://ssd-disclosure.com/
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.4.7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roundcube.net/pipermail/users/attachments/20200705/5fc23eec/attachment.html>

More information about the users mailing list