Security updates 1.6.13 and 1.5.13 released

Published: 08 February 2026

Tags:
releases
updates
security

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities.

Security fixes

Fix CSS injection vulnerability reported by CERT Polska.
Fix remote image blocking bypass via SVG content reported by nullcathedral.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.13 and 1.5.13.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Return to News overview

Roundcube 1.7 RC2 released
Security updates 1.6.12 and 1.5.12 released
Roundcube 1.7 RC released
Roundcube 1.7 beta2 released
Roundcube 1.7 beta released