Update 1.0.10 released

06 April 2017

We just published a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.

  • Fix vulnerability in handling of mail()’s 5th argument
  • Fix XSS issue in href attribute on area tag
  • Wash position:fixed style in HTML mail for better security
  • Don’t create multipart/alternative messages with empty text/plain part

It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net/download.

Please do backup before updating!

Back to list