1.6.7 and 1.5.7 release

Author: alecpl

_data/releases.json

@@ -1,25 +1,25 @@
 {
     "stable": {
         "name": "Stable version",
-        "version": "1.6.6",
+        "version": "1.6.7",
         "sources": [
             {
                 "package": "Dependent",
-                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.6/roundcubemail-1.6.6.tar.gz",
+                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7.tar.gz",
                 "size": "3.8 MB",
-                "checksum": "40e4d7505b01f401e757f7439930ed96b1245ffc3863dd326fcf21e0e5847c74"
+                "checksum": "b12c4f9f84890830ce10e470ac0d698b7de00d29f432a9326b4cf8c590e558de"
             },
             {
                 "package": "Complete",
-                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.6/roundcubemail-1.6.6-complete.tar.gz",
+                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7-complete.tar.gz",
                 "size": "5.6 MB",
-                "checksum": "c1b93a3edbe297457396b0a031d8b13c8a5dc30c9370704dfb9b2c1225017d52"
+                "checksum": "cf52515e65b2818cb02fd7a202c766367b8c54d8b7fea27dda9c81aa7ce1d3a6"
             },
             {
                 "package": "Framework",
-                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.6/roundcube-framework-1.6.6.tar.gz",
+                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcube-framework-1.6.7.tar.gz",
                 "size": "1.8 MB",
-                "checksum": "1ab36f7ce9cb96fc49eb2bde41d2023a421b8832fdf58e4cd1b6907401436ce9"
+                "checksum": "8c2934fbc9951f886305de84534822eaab1bd6a59e96a98dab380ad42ee5f30f"
             }
         ]
     },
@@ -33,10 +33,10 @@
         "name": "LTS versions",
         "sources": [
             {
-                "package": "1.5.6 - Complete",
-                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.5.6/roundcubemail-1.5.6-complete.tar.gz",
+                "package": "1.5.7 - Complete",
+                "url": "https://github.com/roundcube/roundcubemail/releases/download/1.5.7/roundcubemail-1.5.7-complete.tar.gz",
                 "size": "7.5 MB",
-                "checksum": "9ef369a9259680be095fee0b688a47ebda5c950edf5660239e39d4e80b3b8a54"
+                "checksum": "e7ed921c0b1774a3b7d7e375d8b8916393f2cbcd62e91fb4d8eb69e6ec528fd2"
             }
         ]
     },

_posts/2024-05-19-security-updates-1.6.7-and-1.5.7.md

@@ -0,0 +1,22 @@
+---
+layout: article
+title: Security updates 1.6.7 and 1.5.7 released
+tags: releases updates security
+---
+
+We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail.
+They both contain fixes for recently reported security vulnerabilities.
+
+## Security fixes
+
+- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
+  Credits for this finding to Valentin T. and Lutz Wolf of CrowdStrike.
+- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
+  Credits for this finding to Huy Nguyễn Phạm Nhật.
+- Fix command injection via crafted im_convert_path/im_identify_path on Windows.
+  Credits for this finding to Huy Nguyễn Phạm Nhật.
+
+See the full changelogs in the release notes on the Github download pages for the updated versions
+[1.6.7](https://github.com/roundcube/roundcubemail/releases/tag/1.6.7) and [1.5.7](https://github.com/roundcube/roundcubemail/releases/tag/1.5.7).
+
+We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.