Roundcube Project News - Securiry

We just published updates to all stable versions 1.x delivering important bug fixes and improvements which we picked from the upstream branch.

We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.

We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.

We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch.

We just published updates to both stable versions 1.2 and 1.1 delivering important bug fixes and and again more improvements of the Enigma plugin introduced in version 1.2. Version 1.1.6 comes with cherry-picked fixes from the more recent version and improvements in contacts searching as well as a few localization fixes.

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes and helps protecting Roundcube against more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks integrated and version 1.0.9 comes with cherry-picked fixes from the more recent version to ensure proper long term support.

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab.

We just published a security update to the stable version 1.0. Beside a recently reported Cross-Site-Scripting vulnerability, this release also contains some bug fixes and improvements we found important for the long term support branch of Roundcube.

We’re proud to announce the next service release to the stable version 1.0. It contains a security fix along with some bug fixes and improvements for the long term support branch of Roundcube. The most important ones are:

We just published new releases which fix a recently reported vulnerability that allows an attacker to overrwrite configuration settings using user preferences. This can result in random file access, manipulated SQL queries and even code execution. The latter one only affects versions 0.8.6 and older.