Skip to content

Roundcube Webmail 1.1.7
Compare
Choose a tag to compare
@thomascube thomascube released this 28 Nov 19:51
· 5110 commits to master since this release
1.1.7
This tag was signed with the committer’s verified signature.
thomascube Thomas B.
GPG key ID: D105DEA0B545B36C
Learn about vigilant mode.
4c1394c

This is a security update to the stable version 1.1. It contains one fix for a recently reported security issue when using PHP's mail() function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be pulished shortly.

It's considered stable and we recommend to update all productive installations of Roundcube 1.1.x which do not have an SMTP server configured for mail delivery.

Please do backup your data before updating!

CHANGELOG

  • Fix vulnerability in handling of mail()'s 5th argument
Assets 8
Loading