Dear subscribers

We just published another update to both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.

Included is a fix for a recently reported XSS vulnerability within CSS styles inside an SVG tag. See the full changelog for 1.2.4 in the wiki [1] and for version 1.1.8 in the release notes [2].

Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via https://roundcube.net/download.

As usual, don't forget to backup your data before updating!

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.1.8