Users August 2024

users@lists.roundcube.net

4 participants
2 discussions

Start a nNew thread

confirming my request to participate in this list
by Louise Olson 24 Aug '24

24 Aug '24

hope I've done this right

3 4

Security updates 1.5.8 and 1.6.8 released
by Aleksander Machniak 04 Aug '24

04 Aug '24

Dear subscribers, We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported security vulnerabilities. - Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] Credits to Oskar Zeino-Mahmalat (Sonar) for all these findings and thanks for providing a very detailed report in a private communication. See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.8 and 1.5.8. https://github.com/roundcube/roundcubemail/releases/tag/1.6.8 https://github.com/roundcube/roundcubemail/releases/tag/1.5.8 We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions. Kind regards, Alec

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Users August 2024