[Security Update] Roundcube Webmail 1.2.7
·
4642 commits
to master
since this release
1.2.7
thomascube
Thomas B.
This tag was signed with the committer’s verified signature.
thomascube
Thomas B.
This is a security update to the stable version 1.2. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.
We strongly recommend to update all productive installations of Roundcube 1.2.x.
Please do backup your data before updating!
CHANGELOG
- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems (#5957)
- Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation (#6026)