We just published the second release candidate for the next major version 1.7 of Roundcube webmail.
This release fixes two security issues and one syntax error in a database migration file for Postgres databases. The changes are:

- Fix Cross-Site-Scripting vulnerability via SVG’s animate tag reported by Valentin T., CrowdStrike.
- Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
- Fix syntax error in DDL scripts for Postgres (#10052)

The tarballs can be downloaded from github.com or roundcube.net:

https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc2
https://roundcube.net/download/

We believe it is production ready, but we recommend testing it in a separate environment. Existing setups can be migrated with either the `installto.sh` or the `update.sh` scripts.

Please don't forget to back up your data before updating!

Regards,
Pablo

--
Pablo Zimdahl
Software Engineer
Nextcloud - Regain control over your data
[email protected]
nextcloud.com
+49 711 25 24 28 90
Nextcloud GmbH
Hauptmannsreute 44A, 70192 Stuttgart, Germany
GF: Frank Karlitschek
HRB 227086 (AG München)
