Roundcube v1.1.11 Release Notes

Release Date: 2018-04-18 // over 4 years ago
  • โšก๏ธ This is a security update to the stable version 1.2. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.

    ๐Ÿ’… The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags.

    โšก๏ธ We strongly recommend to update all productive installations of Roundcube 1.1.x.
    โšก๏ธ Please do backup your data before updating!

    ๐Ÿ”„ CHANGELOG

    • ๐Ÿ‘‰ Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
    • ๐Ÿ›  Fix security issue in remote content blocking on HTML image and style tags (#6178)
    • Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
    • ๐Ÿ›  Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)