Security updates 1.6.11 and 1.5.10 released

Published: 01 June 2025

Tags:
releases
updates
security

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain a fix for recently reported security vulnerability.

Security fixes

Fix Post-Auth RCE via PHP Object Deserialization reported by Kirill Firsov.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.11 and 1.5.10.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Return to News overview

Update 1.6.10 released
Updates 1.6.9 and 1.5.9 released
Official enterprise support now available
Security updates 1.6.8 and 1.5.8 released
Security updates 1.6.7 and 1.5.7 released