Security update 1.4.11
08 February 2021
We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker.
- Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits for this finding go to Mateusz Szymaniec (CERT Polska).
See the full changelog in the release notes on the Github download page.
This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net.
Please do backup your data before updating!Return to News overview