Skip to content

[Security Update] Roundcube Webmail 1.1.10

Compare
Choose a tag to compare
@thomascube thomascube released this 08 Nov 19:06
· 4647 commits to master since this release
1.1.10

This is a security update to the stable version 1.1. It fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.

We strongly recommend to update all productive installations of Roundcube 1.1.x.
Please do backup your data before updating!

CHANGELOG

  • Fix file disclosure vulnerability caused by insufficient input validation (#6026)