This is the second release candidate for the next major version 1.7 of Roundcube webmail.
It fixes two security issues and one syntax error in a database migration file for Postgres databases.
The changes are:
- Fix Cross-Site-Scripting vulnerability via SVG’s animate tag reported by Valentin T., CrowdStrike.
- Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
- Fix syntax error in DDL scripts for Postgres (#10052)
We believe it is production ready, but we recommend to test it on a separate environment.
Migrate existing configs with either the installto.sh or the update.sh scripts.
And don't forget to backup your data before installing it!