Hello, will there be a security update for the vulnerability CVE-2017-6820 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820)?
The roundcube web page announces a "low maintenance" support of version 1.0.x. As far as I know this version isn't officially discontinued and not out of support, is it?
Thanks in advance, Rainer
Hello Rainer
The 1.0.x series is not affected as it doesn't support SVG elements but the fix for that particular issue was a rather general one and we'll publish an update to that series soon.
Best, Thomas
On Mon, Mar 27, 2017 at 10:30 AM, Security seclists@uni-due.de wrote:
Hello, will there be a security update for the vulnerability CVE-2017-6820 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820)?
The roundcube web page announces a "low maintenance" support of version 1.0.x. As far as I know this version isn't officially discontinued and not out of support, is it?
Thanks in advance, Rainer _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users