Roundcube v1.1.11 Release Notes
Release Date: 2018-04-18 // about 6 years ago-
โก๏ธ This is a security update to the stable version 1.2. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under
CVE-2018-9846
.๐ The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags.
โก๏ธ We strongly recommend to update all productive installations of Roundcube 1.1.x.
โก๏ธ Please do backup your data before updating!๐ CHANGELOG
- ๐ Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
- ๐ Fix security issue in remote content blocking on HTML image and style tags (#6178)
- Fix
check_request()
bypass in places usingget_uids()
[CVE-2018-9846] (#6238) - ๐ Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)