Skip to content

Roundcube Webmail 1.4.15

Compare
Choose a tag to compare
@alecpl alecpl released this 16 Oct 13:03
· 1899 commits to master since this release
1.4.15

This is a security update to the stable version 1.4 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

  • Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168) reported separately by Matthieu Faou (ESET) and Denys Klymenko.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.4.x with it. Please do backup your data before updating!

CHANGELOG

  • Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
  • Fix PHP 5.4 compatibility by using pear-core-minimal 1.10.11 (#9148)