Security updates 1.4.7, 1.3.14 and 1.2.11 released
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain a recently reported cross-site scripting (XSS) vulnerability. The 1.4.7 release also contains a number of general improvements from our issue tracker.
Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace (
Credits for this finding go to SSD Secure Disclosure.
We strongly recommend to update all productive installations of Roundcube with this new versions.Return to News overview