Roundcube Webmail 1.5.10 has been released, addressing vulnerabilities, including post-auth RCE through PHP object deserialization.
Release Roundcube Webmail 1.5.10
This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
- Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!
CHANGELOG
- Fix current script state after initial scripts creation in managesieve_kolab_master mode
- Fix regression causing inline SVG images to be missing in mail preview ( #9644)
