Roundcube Webmail 1.2.11
·
4552 commits
to master
since this release
1.2.11
thomascube
Thomas B.
This tag was signed with the committer’s verified signature.
thomascube
Thomas B.
This is a security update to the LTS version 1.2.
It fixes a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace (CVE-2020-15562).
Credits for this finding go to SSD Secure Disclosure.
We strongly recommend to update all productive installations of Roundcube 1.2.x
if you cannot upgrade to a more recent version. Please do backup your data before updating!