ยซ Changelog History


Roundcube v1.3.12 Release Notes

Release Date: 2020-06-02 // almost 4 years ago

  • โšก๏ธ This is a service and security update to the LTS version 1.3 of Roundcube Webmail.
    ๐Ÿ”’ It contains four fixes for recently reported security vulnerabilities as well a
    โœ… small number of general improvements backported from the latest stable version.
    ๐Ÿ‘€ See the full changelog below.

    ๐Ÿ”’ Security fixes

    • ๐Ÿ›  Fix XSS issue in template object 'username' (#7406)
    • ๐Ÿ›  Fix cross-site scripting (XSS) via malicious XML attachment
    • ๐Ÿ›  Fix a couple of XSS issues in Installer (#7406)
    • ๐Ÿ‘ Better fix for CVE-2020-12641

    The latter two vulnerabilities again are related to public access to the Roundcube installer
    and are therefore classified minor.

    โšก๏ธ This version in considered stable and we recommend to update all productive installations
    โšก๏ธ of Roundcube 1.3.x with it. Please do backup your data before updating!

    ๐Ÿ”„ CHANGELOG

    • ๐Ÿ”’ Security: Better fix for CVE-2020-12641
    • ๐Ÿ”’ Security: Fix XSS issue in template object 'username' (#7406)
    • ๐Ÿ”’ Security: Fix couple of XSS issues in Installer (#7406)
    • ๐Ÿ”’ Security: Fix cross-site scripting (XSS) via malicious XML attachment