Roundcube v1.2.8 Release Notes

Release Date: 2018-04-17 // over 4 years ago
  • ⚡️ This is a security update to the stable version 1.2. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.

    💅 The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags.

    ⚡️ We strongly recommend to update all productive installations of Roundcube 1.2.x.
    ⚡️ Please do backup your data before updating!


    • Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
    • 🛠 Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
    • 🛠 Fix security issue in remote content blocking on HTML image and style tags (#6178)