github roundcube/roundcubemail 1.5.4
Roundcube Webmail 1.5.4

latest releases: 1.6.9, 1.5.9, 1.6.8...
14 months ago

This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

  • Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!

CHANGELOG

  • Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
  • Fix so output of log_date_format with microseconds contains time in server time zone, not UTC
  • Fix so N property always exists in a vCard export (#8771)
  • Fix so rcmail::format_date() works with DateTimeImmutable input (#8867)
  • Fix bug where a non-ASCII character in app.js could cause error in javascript engine (#8894)

Don't miss a new roundcubemail release

NewReleases is sending notifications on new releases.