Dear subscribers
We just published another update to both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.
Included is a fix for a recently reported XSS vulnerability within CSS styles inside an SVG tag. See the full changelog for 1.2.4 in the wiki [1] and for version 1.1.8 in the release notes [2].
Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via
https://roundcube.net/download.
As usual, don't forget to backup your data before updating!
Best,
Thomas