[RCU] [RCD] Security updates 1.6.15 and 1.5.15 (and 1.7-rc6) released

29 Mar 2026

      We just published security updates to the 1.6 and 1.5 LTS versions of 
Roundcube Webmail, as well as a release candidate for coming 1.7.
It provides fixes to some regressions introduced in the previous release 
as well a recently reported security vulnerability.
## Security fixes

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via

fill/filter/stroke, reported by class_nzm.
See the full changelogs in the release notes on the Github download 
pages for the updated versions

https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6
https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
https://github.com/roundcube/roundcubemail/releases/tag/1.5.15

We strongly recommend to update your productive installations of 
Roundcube with this new versions.
-- 
Alec

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[RCU] [RCD] Security updates 1.6.15 and 1.5.15 (and 1.7-rc6) released