Hi,
New versions of Roundcube webmail have been available for 4 weeks. These versions fix 2 CVEs that were found in the versions we are running in Mail-in-a-box. A PR has been available on GitHub for 3 weeks: [security] Update roundcube to 1.6.13 by kiekerjan · Pull Request #2554 · mail-in-a-box/mailinabox · GitHub
Is somebody with commit permissions working on integrating this PR and releasing a new version of mail-in-a-box? If not, I will start investigating how I can disable Roundcube altogether.
regards
Lars