ยซ Changelog History


Roundcube v1.4.7 Release Notes

Release Date: 2020-07-05 // almost 4 years ago

  • โšก๏ธ This is a service and security update to the stable version 1.4 of Roundcube Webmail.
    ๐Ÿ”’ It contains a fix for recently reported security vulnerability as well a small number of general improvements from our issue tracker. See the full changelog below.

    ๐Ÿ”’ Security fix

    Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace (CVE-2020-15562)

    Credits for this finding go to SSD Secure Disclosure.

    โšก๏ธ This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

    ๐Ÿ”„ CHANGELOG

    • ๐Ÿ›  Fix bug where subfolders of special folders could have been duplicated on folder list
    • ๐Ÿ‘ท Increase maximum size of contact jobtitle and department fields to 128 characters
    • ๐Ÿ›  Fix missing newline after the logged line when writing to stdout (#7418)
    • Elastic: Fix context menu (paste) on the recipient input (#7431)
    • ๐Ÿ›  Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
    • Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
    • ๐Ÿ”’ Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace