Skip to content

Roundcube Webmail 1.4.10
Compare
Choose a tag to compare
@thomascube thomascube released this 27 Dec 22:02
· 1710 commits to master since this release
1.4.10
This tag was signed with the committer’s verified signature.
thomascube Thomas B.
GPG key ID: D105DEA0B545B36C
Learn about vigilant mode.
4efec49

This is a service and security update to the stable version 1.4 of Roundcube Webmail.
It contains a fix for a recently reported stored XSS vulnerability as well a small number
of general improvements from our issue tracker. See the full changelog below.

Security fix

  • Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content [CVE-2020-35730]

Credits for this finding go to Alex Birnberg.

This version is considered stable and we recommend to update all productive installations
of Roundcube with it. Please do backup your data before updating!

CHANGELOG

  • Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
  • Fix folder list issue when special folder is a subfolder (#7647)
  • Fix Elastic's folder subscription toggle in search result (#7653)
  • Fix state of subscription toggle on folders list after changing folder state from the search result (#7653)
  • Security: Fix cross-site scripting (XSS) via HTML or plain text messages with malicious content
Assets 8