Versie 1.6.7 van de e-mailclient Roundcube Webmail is uitgekomen. Roundcube Webmail heeft onder andere ondersteuning voor gedeelde mappen en namespaces, internationalized domain names en smtp-delivery status-notificaties. Daarnaast is de gebruikersinterface voor IMAP-mappen aangepast om zo meer ruimte te bieden voor extensies en plug-ins. De changelog voor deze uitgave kan hieronder worden gevonden:
Roundcube Webmail 1.6.7
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities:
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
- Fix command injection via crafted im_convert_path/im_identify_path on Windows.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
Changelog
- Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
- Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
- Fix bug in collapsing/expanding folders with some special characters in names (#9324)
- Fix PHP8 warnings (#9363, #9365, #9429)
- Fix missing field labels in CSV import, for some locales (#9393)
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
- Fix command injection via crafted im_convert_path/im_identify_path on Windows
Leave a Reply
You must be logged in to post a comment.