
Roundcube has released its second release candidate for version 1.7, focusing on resolving serious issues discovered since the first release candidate dropped. Two security problems were addressed: a cross-site scripting vulnerability and an update to prevent information disclosure, both thanks to contributions from outside developers. For Postgres users, the developer fixed a long-standing syntax error in database migration scripts, a significant step towards making 1.7 ready for prime time.



Roundcube 1.7 RC2 released

The second release candidate for Roundcube's upcoming big version 1.7 has just landed, and it's ready for your testing attention. This update isn't all about new features necessarily; its main job was tackling some serious issues discovered since the first RC dropped.

This update resolved two security issues. Firstly, the handling of certain SVG animations revealed a nasty cross-site scripting vulnerability. Good thing someone from CrowdStrike raised this alert, and Valentin T. promptly reported it on GitHub.

Then there's an update to the core HTML style sanitizer component, which helps prevent specific kinds of information disclosure problems. Another anonymous developer also flagged this issue; it's encouraging to see developers from outside the main team contributing fixes.

On a slightly different note for Postgres users specifically: the developer fixed that long-standing syntax error in the DDL scripts used for database migration (issue #10052). That's a big step towards making 1.7 generally ready for prime time, though it always pays to test thoroughly yourself first!

So if you're planning an upgrade from your current version and want to stay on top of these changes, keep this RC handy. The standard migration scripts should handle things fine; just remember to back up everything before you start installing!

Release Roundcube 1.7 RC2

This is the second release candidate for the next major version 1.7 of Roundcube webmail. It fixes two security issues and one syntax error in a database migration file for Postgres databases.

Release Roundcube 1.7 RC2 · roundcube/roundcubemail