github roundcube/roundcubemail 1.6.5
Roundcube Webmail 1.6.5

latest releases: 1.6.9, 1.5.9, 1.6.8...
12 months ago

This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

  • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

  • Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
  • Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
  • Fix PHP warnings (#9174)
  • Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
  • Fix bug where images attached to application/smil messages weren't displayed (#8870)
  • Fix PHP string replacement error in utils/error.php (#9185)
  • Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
  • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download

Don't miss a new roundcubemail release

NewReleases is sending notifications on new releases.