Roundcube 1.4.8, 1.3.15 and 1.2.12 released

Software 42311 Published by

Roundcube 1.4.8, 1.3.15 and 1.2.12 has been released to address two security issues. Roundcube is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking.





Dear subscribers

We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail.
They all contain two recently reported cross-site scripting (XSS) vulnerabilities. The 1.4.8 release also contains a number of general improvements from our issue tracker [1].

Security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math content

Credits for these two findings go to Łukasz Pilorz from Pentesters [2].

See the full changelogs in the release notes on the Github download pages for the updated versions.

We strongly recommend updating all productive installations of Roundcube
with these new versions. Download the latest tarballs from https://roundcube.net/download

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.8
[2] https://www.pentesters.pl/

Roundcube

How to Enable Windows 10 Insider Program Without a Microsoft Account

How to Create a Comprehensive Mail Server on Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...