On 03/27/2013 06:02 PM, Thomas Bruederli wrote:
After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issue.
Please update all your Roundcube installations with the new versions (0.9-rc2, 0.8.6, 0.7.4) or patch them with the published patches.
Thanks for this work. I don't yet see the tags for these releases in the git repo at https://github.com/roundcube/roundcubemail
maybe someone needs to "git push --tags" ?
If it would be possible to sign the tags when creating them, that would be very much appreciated :)
Thanks for roundcube!
--dkg