Roundcube Webmail 1.0.10

thomascube released this 06 Apr 19:36

This is a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.

It's considered stable and we recommend updating all production installations of Roundcube 1.0.x to this version if for some reason you're not able to upgrade to the latest stable version. Please back up your data before updating!

CHANGELOG

  • Strip HTML tags inside CSS style definitions
  • Fix vulnerability in handling of mail()'s 5th argument (CVE-2016-9920)
  • Don't create multipart/alternative messages with empty text/plain part (#5283)
  • Fix XSS issue in href attribute on area tag (#5240)
  • Wash position:fixed style in HTML mail for better security (#5264)