Security updates 1.6.5 and 1.5.6 released
We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They all contain a fix for recently reported security vulnerability.
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. Credits for this finding go to Rene Rehme (rehme.infosec).
We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.Return to News overview