Roundcube 1.7 RC3 has been released to address two security vulnerabilities that allowed attackers to inject malicious code into users' email views. The update includes improvements such as enhanced HTML sanitization, stricter MIME handling for SVG content, and fixes for OAuth re-login and Managesieve date tests. Additionally, new features like support for X-Forwarded-Host and X-Forwarded-Port headers, and simplified search filters for attachments have been added. Users are encouraged to upgrade to this release to ensure their email security and benefit from the quality-of-life enhancements
Roundcube 1.7 RC3 released
Roundcube 1.7 RC3 has been released to patch two security vulnerabilities that could allow attackers to inject malicious code into users' email views. The release also includes several smaller improvements, such as fixing issues with OAuth re-login and Managesieve date tests, and adding support for X-Forwarded-Host and X-Forwarded-Port headers. The patches sanitize incoming HTML more aggressively and enforce stricter MIME handling for SVG content, preventing CSS injection and SVG bypass attacks.
