We just published security updates to the 1.6 and 1.5 LTS versions of
Roundcube Webmail. They both contain a fix for recently reported
security vulnerability.
Security fixes:
- Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.
See the full changelogs in the release notes on the Github download
pages for the updated versions 1.6.11 and 1.5.10.
https://github.com/roundcube/roundcubemail/releases/tag/1.6.11https://github.com/roundcube/roundcubemail/releases/tag/1.5.10
We strongly recommend to update all productive installations of
Roundcube 1.6.x and 1.5.x with this new versions.
--
Alec
