Hello Rainer

The 1.0.x series is not affected as it doesn't support SVG elements but the fix for that particular issue was a rather general one and we'll publish an update to that series soon.

Best,
Thomas


On Mon, Mar 27, 2017 at 10:30 AM, Security <seclists@uni-due.de> wrote:
Hello,
will there be a security update for the vulnerability CVE-2017-6820 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820)?

The roundcube web page announces a "low maintenance" support of version 1.0.x.
As far as I know this version isn't officially discontinued and  not out of support, is it?

Thanks in advance,
Rainer
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users