Hello Rainer
The 1.0.x series is not affected as it doesn't support SVG elements but the fix for that particular issue was a rather general one and we'll publish an update to that series soon.
Best, Thomas
On Mon, Mar 27, 2017 at 10:30 AM, Security seclists@uni-due.de wrote:
Hello, will there be a security update for the vulnerability CVE-2017-6820 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820)?
The roundcube web page announces a "low maintenance" support of version 1.0.x. As far as I know this version isn't officially discontinued and not out of support, is it?
Thanks in advance, Rainer _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users