Dear subscribers

We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability found and kindly reported by Alex Birnberg (birnbergalex@gmail.com).

The 1.4.10 release also contains a few general improvements from our issue tracker.

See the full changelogs in the release notes on the Github download pages for the updated versions:

https://github.com/roundcube/roundcubemail/releases/tag/1.4.10

https://github.com/roundcube/roundcubemail/releases/tag/1.3.16

https://github.com/roundcube/roundcubemail/releases/tag/1.2.13

We strongly recommend to update all productive installations of Roundcube with these new versions.

Download them from https://roundcube.net/download/

Best wishes and a happy new year!

Alec & Thomas