This is hopefully the last release candidate for the next major version 1.7 of Roundcube Webmail.
It provides a fix to recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
We believe it is production ready, but we recommend to test it on a separate environment.
Migrate existing configs with either the installto.sh or the update.sh scripts.
And don't forget to backup your data before installing it!
CHANGELOG
- Added support for arrays in smtp_user and smtp_pass config options (#10083)
- Added system health checker CLI script (#10106)
- Stricter recognition of an Ajax request (#10118)
- Password: Added Stalwart driver (#10114)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke