Roundcube Webmail has announced the release of two new versions: 1.6.12 and 1.5.12, aimed at enhancing the security of its web-based email client. These updates address critical vulnerabilities found in earlier versions, notably a Cross-Site Scripting (XSS) flaw linked to SVG elements, and issues within the HTML sanitation process that could lead to security breaches or unauthorized information disclosure. Users of Roundcube 1.6.x or earlier are strongly encouraged to upgrade to version 1.6.12, while those on the older Long Term Support (LTS) version may update to 1.5.12.

In addition to the crucial security patches, these updates introduce several minor improvements. Version 1.6.12 adds IPv6 support for database settings, enhances contact search functionality by better managing vCard fields, and removes a setting that previously forced error reporting, leading to a cleaner user experience. Furthermore, compatibility with PHP 8.5 has been established, addressing potential issues for users operating on newer server environments.

For those still using version 1.5, the 1.5.12 update provides similar security enhancements, particularly regarding the SVG XSS vulnerability and HTML sanitizer flaws. It is recommended to upgrade whenever feasible, ideally moving to version 1.6.12 for optimal security and performance. However, if the 1.5 LTS version remains necessary, applying the latest patch will still significantly bolster security against identified threats.

As a general best practice, users should always back up their data before undertaking major updates to ensure the safety and integrity of their information.

In conclusion, it is crucial for users of Roundcube Webmail to prioritize these updates to safeguard their email communications from potential vulnerabilities, while also benefiting from the enhanced functionality offered by the latest releases

Roundcube Webmail 1.6.12 and 1.5.12 released

Roundcube Webmail has released new versions for its 1.6 and 1.5 series, specifically version 1.6.12 and 1.5.12, which focus on addressing several security vulnerabilities in older versions of the software. The critical fixes include preventing Cross-Site-Scripting (XSS) issues triggered by certain SVG elements and vulnerabilities in HTML formatting that could lead to attacks or information disclosure. Users running Roundcube 1.6.x or earlier are advised to upgrade to version 1.6.12 immediately, while those using the older LTS version can update to 1.5.12 if necessary. The updates also bring smaller benefits such as IPv6 support for database settings and improved contact search functionality.

Roundcube Webmail 1.6.12 and 1.5.12 released @ Linux Compatible