Menü Schließen

roundcube Webmailer Bugfix und Security Release 1.5.7 und 1.6.7

roundcube - Logo

Der belliebte Webmailer Roundcube erhielt das Security und Bugfix Update 1.6.7 und 1.5.7 für den 1.5er Zweig. Die Updates schließen 4 Sicherheitslücken und beheben einige Fehler die den Webmailer sicherer und stabiler machen.

roundcube 1.6.7 Release Notes

Security

  • Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
    Reported by Valentin T. and Lutz Wolf of CrowdStrike.
  • Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
    Reported by Huy Nguyễn Phạm Nhật.
  • Fix command injection via crafted im_convert_path/im_identify_path on Windows.
    Reported by Huy Nguyễn Phạm Nhật.

Changes

  • Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
  • Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
  • Fix bug in collapsing/expanding folders with some special characters in names (#9324)
  • Fix PHP8 warnings (#9363, #9365, #9429)
  • Fix missing field labels in CSV import, for some locales (#9393)

Quelle: https://github.com/roundcube/roundcubemail/releases/tag/1.6.7

roundcube 1.5.7 Release Notes

Security

  • Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
    Reported by Valentin T. and Lutz Wolf of CrowdStrike.
  • Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
    Reported by Huy Nguyễn Phạm Nhật.
  • Fix command injection via crafted im_convert_path/im_identify_path on Windows.
    Reported by Huy Nguyễn Phạm Nhật.

Changes

  • Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
  • Fix TinyMCE localization installation (#9266)
  • Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)

Quelle: https://github.com/roundcube/roundcubemail/releases/tag/1.5.7

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert