
Security updates 1.6.5 and 1.5.6 released

<!DOCTYPE html> <html lang="en" class="h-100" data-bs-theme="light"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Security updates 1.6.5 and 1.5.6 released</title> <meta name="keywords" content="round,cube,roundcube,webmail,email,mail,client,software,solution,application,imap,php,open source,free,github,development"> <meta name="description" content="Free and open source webmail software for the masses, written in PHP"> <meta name="author" content="hello [at] roundcube dot net"> <meta name="copyright" content="Roundcube Webmail Dev Team"> <meta name="robots" content="index,follow"> <meta name="revisit-after" content="7 days"> <meta name="theme-color" content="#343a40"> <meta name="msapplication-navbutton-color" content="#343a40"> <link rel="canonical" href="https://roundcube.net/news/2023/11/05/security-updates-1.6.5-and-1.5.6"> <link href="https://fonts.googleapis.com/css?family=Roboto&amp;display=swap" rel="stylesheet"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.6.0/css/all.min.css" integrity="sha384-h/hnnw1Bi4nbpD6kE7nYfCXzovi622sY5WBxww8ARKwpdLj5kUWjRuyiXaD1U2JT" crossorigin="anonymous"> <link rel="stylesheet" href="/styles/styles.min.css?v=2024021800"> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"> <link rel="alternate" type="application/rss+xml" title="Roundcube News Feed" href="/feeds/atom.xml"> <script> var host = 'roundcube.net'; if ((host == window.location.host) && (window.location.protocol != 'https:')) { window.location.protocol = 'https'; } </script> </head> <body class="d-flex flex-column h-100"> <nav class="navbar navbar-expand-md bg-navbar fixed-top 
flex-wrap flex-md-nowrap" data-bs-theme="dark"> <div class="container-xxl"> <a class="navbar-brand" href="/"><img src="/images/roundcube_logo_icon.svg" width="40" height="40" alt="Roundcube - open source webmail software"></a> <button class="navbar-toggler" type="button" data-bs-toggle="offcanvas" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="offcanvas offcanvas-end" id="navbarSupportedContent"> <div class="offcanvas-header p-4 pb-0"> <h5 class="offcanvas-title" id="offcanvasNavbarLabel">Roundcube</h5> <button type="button" class="btn-close" data-bs-dismiss="offcanvas" aria-label="Close"></button> </div> <div class="offcanvas-body p-4 pt-0 p-md-0"> <hr class="d-md-none text-white-50 my-3"> <ul class="navbar-nav me-auto flex-row flex-wrap"> <li class="nav-item col-6 col-md-auto"><a href="/about/" class="nav-link ">About</a></li> <li class="nav-item col-6 col-md-auto"><a href="/news/" class="nav-link active">News <span class="visually-hidden">(current)</span></a></li> <li class="nav-item col-6 col-md-auto"><a href="/screens/" class="nav-link ">Screenshots</a></li> <li class="nav-item col-6 col-md-auto"><a href="/download/" class="nav-link ">Download</a></li> <li class="nav-item col-6 col-md-auto"><a href="https://plugins.roundcube.net" class="nav-link" target="_blank">Plugins</a></li> <li class="nav-item col-6 col-md-auto"><a href="/support/" class="nav-link ">Support</a></li> <li class="nav-item col-6 col-md-auto"><a href="/contribute/" class="nav-link ">Contribute</a></li> </ul> <hr class="d-md-none text-white-50 my-3"> <ul class="navbar-nav flex-row flex-wrap ms-md-auto float-md-end"> <li class="nav-item col-6 col-md-auto"><a class="nav-link p-md-2" aria-label="GitHub" href="https://github.com/roundcube/roundcubemail" target="_blank" rel="noopener"><span class="fa-brands fa-github"></span><span class="d-md-none 
ps-2">GitHub</span></a></li> <li class="nav-item col-6 col-md-auto"><a class="nav-link p-md-2" aria-label="DockerHub" href="https://hub.docker.com/r/roundcube/roundcubemail/" target="_blank" rel="noopener"><span class="fa-brands fa-docker"></span><span class="d-md-none ps-2">Docker</span></a></li> <li class="nav-item col-6 col-md-auto"><a class="nav-link p-md-2" aria-label="X" href="https://x.com/roundcube" target="_blank" rel="noopener"><span class="fa-brands fa-x-twitter"></span><span class="d-md-none ps-2">X</span></a></li> </ul> </div> </div> </div> </nav> <main class="flex-shrink-0 container pb-5"> <div class="row"> <div class="col-lg-8"> <h1>Security updates 1.6.5 and 1.5.6 released</h1> <div class="mb-3 text-body-secondary fst-italic small"> <p class="mb-0">Published: 05 November 2023</p> <ul class="mb-0 list-inline"> <li class="me-1 list-inline-item">Tags:</li> <li class="me-1 list-inline-item"><a href="/news/releases"><span class="badge rounded-pill bg-badge text-secondary">releases</span></a></li> <li class="me-1 list-inline-item"><a href="/news/updates"><span class="badge rounded-pill bg-badge text-secondary">updates</span></a></li> <li class="me-1 list-inline-item"><a href="/news/security"><span class="badge rounded-pill bg-badge text-secondary">security</span></a></li> </ul> </div> <p>We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. Both contain a fix for a recently reported security vulnerability.</p> <h2 id="security-fix">Security fix</h2> <p>Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. 
Credits for this finding go to Rene Rehme (rehme.infosec).</p> <p>See the full changelogs in the release notes on the GitHub download pages for the updated versions <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.5">1.6.5</a> and <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.5.6">1.5.6</a>.</p> <p>We strongly recommend updating all production installations of Roundcube 1.6.x and 1.5.x to these new versions.</p> <a href="/news/" class="rc-icon back-link d-block mt-4">Return to News overview</a> </div> <div class="col-lg-4 mt-4 mt-lg-0"> <div class="card"> <div class="card-header bg-header"> <span class="text-white">Related Posts</span> </div> <ul class="list-group list-group-flush ul-striped"> <li class="list-group-item"><a href="/news/2024/09/01/updates-1.6.9-and-1.5.9-released">Updates 1.6.9 and 1.5.9 released</a></li> <li class="list-group-item"><a href="/news/2024/08/08/introducing-enterprise-support-for-roundcube">Official enterprise support now available</a></li> <li class="list-group-item"><a href="/news/2024/08/04/security-updates-1.6.8-and-1.5.8">Security updates 1.6.8 and 1.5.8 released</a></li> <li class="list-group-item"><a href="/news/2024/05/19/security-updates-1.6.7-and-1.5.7">Security updates 1.6.7 and 1.5.7 released</a></li> <li class="list-group-item"><a href="/news/2024/01/20/update-1.6.6-released">Update 1.6.6 released</a></li> </ul> </div> </div> </div> </main> <footer class="text-body-secondary w-100 mt-auto pt-3 small bg-body-tertiary"> <div class="container"> <div class="row"> <div class="col-12 col-sm-6"> <ul class="m-0 p-0"> <li><a href="/support">Support</a></li> <li><a href="/contact">Contact</a></li> <li><a href="https://github.com/roundcube/roundcubemail/wiki/Howto-Report-Issues" class="rc-icon external-link" target="_blank" rel="noopener">Found a bug?</a></li> <li><a href="/license">License</a></li> <li class="mt-3"> <div class="color-modes dropend"> <a class="dropdown-toggle" href="#" 
data-bs-toggle="dropdown" aria-expanded="false"> <span class="fa-solid fa-palette me-1"></span> Switch theme </a> <ul class="dropdown-menu py-1"> <li><a class="dropdown-item px-2 pe-3 py-1 rc-icon light-mode" href="#" onclick="switch_color_mode('light'); return false;">Light theme</a></li> <li><a class="dropdown-item px-2 pe-3 py-1 rc-icon dark-mode" href="#" onclick="switch_color_mode('dark'); return false;">Dark theme</a></li> <li><a class="dropdown-item px-2 pe-3 py-1 rc-icon auto-mode current-theme" href="#" onclick="switch_color_mode('auto'); return false;">Auto detect</a></li> </ul> </div> </li> </ul> </div> <div class="col-12 col-sm-6 mt-4 mt-sm-0 text-sm-end"> <ul class="m-0 p-0"> <li><a aria-label="GitHub" href="https://github.com/roundcube/roundcubemail" target="_blank" rel="noopener"><img src="https://img.shields.io/github/stars/roundcube/roundcubemail?color=%23066da5&label=stars&logo=github&logoColor=%23fff&style=flat-square" alt="GitHub Stars"></a></li> <li><a aria-label="GitHub Contributors" href="https://github.com/roundcube/roundcubemail/graphs/contributors" target="_blank" rel="noopener"><img src="https://img.shields.io/github/contributors/roundcube/roundcubemail?color=%23066da5&label=contributors&logo=github&logoColor=%23fff&style=flat-square" alt="GitHub Contributors"></a></li> <li><a aria-label="DockerHub" href="https://hub.docker.com/r/roundcube/roundcubemail/" target="_blank" rel="noopener"><img src="https://img.shields.io/docker/pulls/roundcube/roundcubemail?color=%23066da5&label=pulls&logo=docker&logoColor=%23fff&style=flat-square" alt="Docker Downloads"></a></li> </ul> </div> </div> <div class="row mt-5"> <div class="col"> <p>Hosted by <a href="https://github.com"><span class="fa-brands fa-github"></span> GitHub</a></p> <p>&copy; Roundcube.net, all rights reserved.</p> </div> </div> </div> </footer> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" 
integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script> <script> var color_mode = 'auto'; if (typeof(Storage) !== "undefined" && window.localStorage.getItem("color-mode") !== null) { color_mode = window.localStorage.getItem("color-mode"); } switch_color_mode(color_mode, true); function switch_color_mode(mode, onload) { var color_mode = mode; if (mode == 'auto') { color_mode = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light'; } document.getElementsByTagName('html')[0].setAttribute('data-bs-theme', color_mode) document.querySelector('div.color-modes > ul.dropdown-menu a.current-theme').classList.remove('current-theme'); document.querySelector('div.color-modes > ul.dropdown-menu a.' + mode + '-mode').classList.add('current-theme'); if (!onload && typeof(Storage) !== "undefined") { if (mode == 'auto') { window.localStorage.removeItem('color-mode'); } else { window.localStorage.setItem('color-mode', mode); } } var event = new Event('switch-color-mode'); document.dispatchEvent(event); } var copytext = "Copy to clipboard"; var copycomplete = "Copied"; var copyerror = "Copy failed"; document.querySelectorAll('a.copy-popover-link').forEach((sumbtn) => { var popover = new bootstrap.Popover(sumbtn, { content: sumbtn.closest('td').querySelector('.copy-popover-target').innerHTML, html: true, customClass: 'copy-popover' }); sumbtn.addEventListener('shown.bs.popover', () => { document.querySelectorAll('div.popover a.copy-link').forEach((copybtn) => { var tooltipInstance = new bootstrap.Tooltip(copybtn, {'title': copytext}); copybtn.addEventListener("click", function(e) { clipboard(this, tooltipInstance, e); }, false); }); }); }); if (document.querySelectorAll('a.copy-popover-link').length > 0) { document.addEventListener("click", function(e) { document.querySelectorAll('a.copy-popover-link').forEach((sumbtn) => { var popover = bootstrap.Popover.getInstance(sumbtn); if 
(popover.tip && event.target.closest('.popover.show') == null && popover.tip.classList.contains('show')) { popover.hide(); } }); }, false); } document.querySelectorAll('a.copy-link').forEach((copybtn) => { var tooltipInstance = new bootstrap.Tooltip(copybtn, {'title': copytext}); copybtn.addEventListener("click", function(e) { clipboard(this, tooltipInstance, e); }, false); }); async function clipboard(copybtn, tooltipInstance, e) { e.preventDefault(); var payload = copybtn.closest('p,td,div').querySelector('.copy-target').textContent.trimEnd(); try { await navigator.clipboard.writeText(payload); copybuttonupdate(copybtn, tooltipInstance, 'complete', copycomplete); } catch (err) { copybuttonupdate(copybtn, tooltipInstance, 'error', copyerror); } } function copybuttonupdate(copybtn, tooltipInstance, css, text) { tooltipInstance.setContent({'.tooltip-inner': text}); copybtn.classList.add(css); window.setTimeout(function() { tooltipInstance.setContent({'.tooltip-inner': copytext}); copybtn.classList.remove(css); }, 2500); } </script> </body> </html>
