Security updates 1.4.7, 1.3.14 and 1.2.11 released
05 July 2020
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain a recently reported cross-site scripting (XSS) vulnerability. The 1.4.7 release also contains a number of general improvements from our issue tracker.
Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace (
Credits for this finding go to SSD Secure Disclosure.
We strongly recommend to update all productive installations of Roundcube with this new versions.Return to News overview