We just published the third release candidate for the next major version 1.7 of Roundcube webmail.
This release fixes two security issues, and contains a few more fixes for several issues. The security fixes are: - Fix CSS injection vulnerability reported by CERT Polska. - Fix remote image blocking bypass via SVG content reported by nullcathedral. For the full changelog please see the release page: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc3. The tarballs can be downloaded via roundcube.net: https://roundcube.net/download/ Or directly from the release page at github.com: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc3 We believe it is production ready, but we recommend to test it on a separate environment. Migrate existing configs with either the `installto.sh` or the `update.sh` scripts. And don't forget to backup your data before installing it! Regards, Pablo -- Pablo Zimdahl Software Engineer oOo Nextcloud - Regain control over your data [email protected] nextcloud.com +49 711 25 24 28 90 Nextcloud GmbH Hauptmannsreute 44A, 70192 Stuttgart, Germany GF: Frank Karlitschek HRB 227086 (AG München) Regards, Pablo -- Pablo Zimdahl Software Engineer oOo Nextcloud - Regain control over your data [email protected] nextcloud.com +49 711 25 24 28 90 Nextcloud GmbH Hauptmannsreute 44A, 70192 Stuttgart, Germany GF: Frank Karlitschek HRB 227086 (AG München) _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
