On 03/29/2013 07:48 AM, Vladislav Bogdanov wrote:
0.4 is vulnerable too, you're looking in a wrong place. The issue is in steps/utils/save_pref.inc.
program/steps/settings/save_prefs.inc in my tree.
This one - https://github.com/roundcube/roundcubemail/blob/bdb13a51f735623146f1ac81d932...
Ok, your version doesn't have utils/save_pref.inc and is not vulnerable, but 0.4.1 (I've checked for example) is.