Upstream announcement for version 1.3.3
This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.
We strongly recommend to update all productive installations of Roundcube. Please do backup your data before updating!
Changelog
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2017-1560290881
Please login to add feedback.
This update has been submitted for testing by remi.
remi edited this update.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by remi.
This update has been submitted for stable by remi.
This update has been pushed to stable.