Skip to content

Roundcube Webmail 1.5.6
Compare
Choose a tag to compare
@alecpl alecpl released this 05 Nov 09:40
· 796 commits to master since this release
1.5.6
This tag was signed with the committer’s verified signature.
alecpl Aleksander Machniak
GPG key ID: BEE674A019359DC1
Learn about vigilant mode.
5ec4968

This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

  • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).

This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!

CHANGELOG

  • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
    reported by Rene Rehme (rehme.infosec).
Assets 8