Roundcube Webmail 1.2.12
·
4552 commits
to master
since this release
1.2.12
thomascube
Thomas B.
This tag was signed with the committer’s verified signature.
thomascube
Thomas B.
This is a security update to the LTS version 1.2.
It fixes two recently reported cross-site scripting (XSS) vulnerabilities via HTML messages with malicious svg and math contents.
Credits for these findings go to Łukasz Pilorz from Pentesters.
We strongly recommend to update all productive installations of Roundcube 1.2.x if you cannot upgrade to a more recent version.
Please do backup your data before updating!