Roundcube 1.6.7
20 May 2024
Roundcube version 1.6.7 is now available (security release).
Upgrading to Roundcube 1.6.7
Roundcube 1.6.7 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Roundcube updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Roundcube install to test the 1.6.7 upgrade prior to applying it live. Get started managing your Roundcube installations with Installatron
What's New in Roundcube 1.6.7
This is a security update to the stable version 1.6 of Roundcube Webmail.
Security
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
- Fix command injection via crafted im_convert_path/im_identify_path on Windows.
Bug Fixes and Changes
- Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
- Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
- Fix bug in collapsing/expanding folders with some special characters in names (#9324)
- Fix PHP8 warnings (#9363, #9365, #9429)
- Fix missing field labels in CSV import, for some locales (#9393)
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
- Fix command injection via crafted im_convert_path/im_identify_path on Windows