Security updates 1.4.5 and 1.3.12 released
02 June 2020
We just published service and security updates to the stable version 1.4 and the LTS version 1.3 of Roundcube Webmail. They contain four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker.
- Fix XSS issue in template object
- Fix cross-site scripting (XSS) via malicious XML attachment *
- Fix a couple of XSS issues in Installer **
- Better fix for
The latter two vulnerabilities again are related to public access to the Roundcube installer and are therefore classified minor.
We strongly recommend to update all productive installations of Roundcube with this new versions.
* Credits to the security researcher Matei “Mal” Badanoiu
** Credits to the security researcher [email protected] 404Team