Upstream announcement for Version 1.1.10
This is a security update to the stable version 1.1. It fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.
We strongly recommend to update all productive installations of Roundcube 1.1.x. Please do backup your data before updating!
Please login to add feedback.