Dev February 2026

dev@lists.roundcube.net

2 participants
3 discussions

Roundcube webmail 1.7 RC4 released
by Pablo Zimdahl 13 Feb '26

13 Feb '26

We just published the fourth release candidate for the next major version 1.7 of Roundcube webmail. This release fixes two minor issues, it's mostly published to fix a file permission problem in the previous release v1.7-rc3. The changes are: - Ensure correct file permissions when building a release. - Installer: Fix broken link to download the created configuration file (#10092) The tarballs can be downloaded [from roundcube.net/download](https://roundcube.net/download/). Or directly from [the release page at github.com](https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc4). We believe it is production ready, but we recommend to test it on a separate environment. Migrate existing configs with either the `installto.sh` or the `update.sh` scripts. And don't forget to backup your data before installing it! Regards, Pablo -- Pablo Zimdahl Software Engineer oOo Nextcloud - Regain control over your data pablo.zimdahl(a)nextcloud.com nextcloud.com +49 711 25 24 28 90 Nextcloud GmbH Hauptmannsreute 44A, 70192 Stuttgart, Germany GF: Frank Karlitschek HRB 227086 (AG München) Regards, Pablo -- Pablo Zimdahl Software Engineer oOo Nextcloud - Regain control over your data pablo.zimdahl(a)nextcloud.com nextcloud.com +49 711 25 24 28 90 Nextcloud GmbH Hauptmannsreute 44A, 70192 Stuttgart, Germany GF: Frank Karlitschek HRB 227086 (AG München)

1 0

Roundcube webmail 1.7 RC3 released
by Pablo Zimdahl 10 Feb '26

10 Feb '26

We just published the third release candidate for the next major version 1.7 of Roundcube webmail. This release fixes two security issues, and contains a few more fixes for several issues. The security fixes are: - Fix CSS injection vulnerability reported by CERT Polska. - Fix remote image blocking bypass via SVG content reported by nullcathedral. For the full changelog please see the release page: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc3. The tarballs can be downloaded via roundcube.net: https://roundcube.net/download/ Or directly from the release page at github.com: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc3 We believe it is production ready, but we recommend to test it on a separate environment. Migrate existing configs with either the `installto.sh` or the `update.sh` scripts. And don't forget to backup your data before installing it! Regards, Pablo -- Pablo Zimdahl Software Engineer oOo Nextcloud - Regain control over your data pablo.zimdahl(a)nextcloud.com nextcloud.com +49 711 25 24 28 90 Nextcloud GmbH Hauptmannsreute 44A, 70192 Stuttgart, Germany GF: Frank Karlitschek HRB 227086 (AG München)

1 0

Security updates 1.5.13 and 1.6.13 released
by Aleksander Machniak 08 Feb '26

08 Feb '26

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities. Security fixes: - Fix CSS injection vulnerability reported by CERT Polska. - Fix remote image blocking bypass via SVG content reported by nullcathedral. See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.13 and 1.5.13. https://github.com/roundcube/roundcubemail/releases/tag/1.6.13 https://github.com/roundcube/roundcubemail/releases/tag/1.5.13 We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions. -- Alec

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Dev February 2026