Roundcube Webmail 1.3.14
·
4026 commits
to master
since this release
1.3.14
thomascube
Thomas B.
This tag was signed with the committer’s verified signature.
thomascube
Thomas B.
This is a security update to the LTS version 1.3.
It fixes a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace (CVE-2020-15562).
Credits for this finding go to SSD Secure Disclosure.
This version in considered stable and we strongly recommend to update all productive
installations of Roundcube 1.3.x with it. Please do backup your data before updating!