Dear subscribers
We just published a service and security update to the stable version 1.4 of Roundcube Webmail.
It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker.
*Security fix*
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits go to Mateusz Szymaniec (CERT Polska).
See the full changelog in the release notes on the Github download page:
This release is considered stable and we recommend to update all productive installations of Roundcube with this version.
Please do backup your data before updating!
Best,
Alec & Thomas