Update 1.0.10 released06 April 2017
We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.
- Fix vulnerability in handling of
mail()’s 5th argument
- Fix XSS issue in href attribute on area tag
- Wash position:fixed style in HTML mail for better security
- Don’t create multipart/alternative messages with empty text/plain part
It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net/download.
Please do backup before updating!