Skip to content

@thomascube thomascube released this Nov 8, 2017 · 4849 commits to master since this release

This is a security update to the LTS version 1.0. It closes a potential file disclosure vulnerability discovered in the file-based attachment plugins. While there's currently no exploit path for Roundcube 1.0.x the fix was nevertheless back-ported to protect from yet unknown zero-day exploits.

It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to upgrade to the latest stable version. Please do backup your data before updating!

CHANGELOG

  • Fix file disclosure vulnerability caused by insufficient input validation (#6026)
Assets 6
You can’t perform that action at this time.