Security update for 0.2-beta

Published: 16 December 2008

There were two security issues reported which are now fixed. The first was as possible code injection using the html2text conversion script. The other exploit used the unchecked size parameters of the quota image to let PHP create huge images eating up all the server memory.

The two vulnerable scripts were updated in the current 0.2-beta package and for existing RoundCube installations we recommend to download downloads.sourceforge.net/roundcubemail/roundcubemail-0.2-beta-patch.tar.gz and to replace all the files with the new versions found in the archive.

Return to News overview

Update 1.6.6 released
Nextcloud – the new home for Roundcube
Security updates 1.6.5 and 1.5.6 released
Security updates 1.5.5 and 1.4.15 released
Security update 1.6.4 released