Roundcube Stable version - 1.4.7

## Security fix

Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace (CVE-2020-15562)

Credits for this finding go to SSD Secure Disclosure.

This version is considered stable and we recommend updating all production installations of Roundcube with it. Please back up your data before updating!

## CHANGELOG

  • Fix bug where subfolders of special folders could have been duplicated on folder list
  • Increase maximum size of contact jobtitle and department fields to 128 characters
  • Fix missing newline after the logged line when writing to stdout (#7418)
  • Elastic: Fix context menu (paste) on the recipient input (#7431)
  • Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
  • Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
  • Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace

Sorry, I do not have a Git account :frowning:

I opened an issue there for you.
