Security updates 1.4.8, 1.3.15 and 1.2.12 released
10 August 2020
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain two recently reported cross-site scripting (XSS) vulnerabilities. The 1.4.8 release also contains a number of general improvements from our issue tracker.
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content (
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
Credits for these two findings go to Łukasz Pilorz from Pentesters.
We strongly recommend to update all productive installations of Roundcube with this new versions.Return to News overview