Security update 1.4.11

Published: 08 February 2021

Tags:
releases
updates
security

We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker.

Security fix

Fix cross-site scripting (XSS) via HTML messages with malicious CSS content

Credits for this finding go to Mateusz Szymaniec (CERT Polska).

See the full changelog in the release notes on the Github download page.

This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net.

Please do backup your data before updating!

Return to News overview

Update 1.6.6 released
Nextcloud – the new home for Roundcube
Security updates 1.6.5 and 1.5.6 released
Security updates 1.5.5 and 1.4.15 released
Security update 1.6.4 released