Roundcube Project News - Securiry

Following the recent security update for 1.3, here now come the promised updates for the LTS versions 1.2 and 1.1. They both fix the recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.

We just published a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.

We just published updates to all stable versions from 1.1.x onwards delivering fixes for a recently discovered file disclosure vulnerability in Roundcube Webmail.

This is a service and security update to the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch.

We just published the first service release to update the stable version 1.3 which is the result of some touching-up on the new features introduced with the 1.3.0 release. For example it brings back the double-click behavior to open messages which was reduced to the list-only view. Or because the switch to change the mail view layout was a bit hidden, we also added it to the preferences section.

We just published updates to all stable versions 1.x delivering important bug fixes and improvements which we picked from the upstream branch.

We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.

We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.

We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.

We just published updates to both stable versions 1.2 and 1.1 delivering important bug fixes and and again more improvements of the Enigma plugin introduced in version 1.2. Version 1.1.6 comes with cherry-picked fixes from the more recent version and improvements in contacts searching as well as a few localization fixes.