Version 1.1.12
This is a follow-up to the recent security update for the stable version 1.1. It fixes a regression that sneaked in with the IMAP command injection protection which unintentionally disabled actions that operate on all selected messages (e.g. mark all as junk).
We recommend to update all productive installations of Roundcube 1.1.11. Please do backup your data before updating!
CHANGELOG
Version 1.1.11
This is a security update to the stable version 1.1. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube 1.1.x. Please do backup your data before updating!
CHANGELOG
Please login to add feedback.
This update has been submitted for testing by remi.
This update has obsoleted roundcubemail-1.1.11-1.el7, and has inherited its bugs and notes.
This update has been pushed to testing.
remi edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by remi.
This update has been pushed to testing.
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by remi.
This update has been submitted for stable by remi.
This update has been pushed to stable.