This is a security update to the LTS version 1.5 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
- Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
- Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it, if you can't move to 1.6 yet. Please do backup your data before updating!