Roundcube Webmail 1.0.10
·
6149 commits
to master
since this release
1.0.10
thomascube
Thomas B.
This tag was signed with the committer’s verified signature.
thomascube
Thomas B.
This is a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.
It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to ubgrate to the latest stable version. Please do backup your data before updating!
CHANGELOG
- Strip HTML tags inside CSS style definitions
- Fix vulnerability in handling of mail()'s 5th argument (CVE-2016-9920)
- Don't create multipart/alternative messages with empty text/plain part (#5283)
- Fix XSS issue in href attribute on area tag (#5240)
- Wash position:fixed style in HTML mail for better security (#5264)