Roundcube 1.7 RC3 released

We just published the third release candidate for the next major version 1.7 of Roundcube webmail.

This release fixes two security issues, and contains a few more fixes for several issues.

The security fixes are:

• Fix CSS injection vulnerability reported by CERT Polska.
• Fix remote image blocking bypass via SVG content reported by nullcathedral.

For the full changelog please see the release page.

The tarballs can be downloaded via roundcube.net.

Or directly from the release page at github.com.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don’t forget to backup your data before installing it!