Roundcube 1.6.5
6 November 2023
Roundcube version 1.6.5 is now available (security release).
Upgrading to Roundcube 1.6.5
Roundcube 1.6.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Roundcube updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Roundcube install to test the 1.6.5 upgrade prior to applying it live. Get started managing your Roundcube installations with Installatron
What's New in Roundcube 1.6.5
Security
- Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).
Bug Fixes
- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
- Fix PHP warnings (#9174)
- Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
- Fix bug where images attached to application/smil messages weren't displayed (#8870)
- Fix PHP string replacement error in utils/error.php (#9185)
- Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)