Skip to content

Commit b2605e6

Browse files
alecplalecpl
committed
Security updates 1.7-rc5, 1.6.14 and 1.5.13 released
1 parent 2585c72 commit b2605e6

2 files changed

Lines changed: 44 additions & 17 deletions

File tree

_data/releases.json

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,25 @@
11
{
22
"stable": {
33
"name": "Stable version",
4-
"version": "1.6.13",
4+
"version": "1.6.14",
55
"sources": [
66
{
77
"package": "Dependent",
8-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.13/roundcubemail-1.6.13.tar.gz",
8+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.14/roundcubemail-1.6.14.tar.gz",
99
"size": "3.7 MB",
10-
"checksum": "1ee6a0877024b6ee73bda5050686487af7bc88301b2af3355a46c4ce8e327180"
10+
"checksum": "70816db28bd7d5c16ba94e518a68368109542bf78bf3696e568385283c46027a"
1111
},
1212
{
1313
"package": "Complete",
14-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.13/roundcubemail-1.6.13-complete.tar.gz",
14+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.14/roundcubemail-1.6.14-complete.tar.gz",
1515
"size": "5.6 MB",
16-
"checksum": "bdd1bafe79149a6b63f699fa94e7626189ec60e2c37954de7e84ee685dbbf5bb"
16+
"checksum": "4c67510729c10bd30bd064e87ebaf3f9a2d26230804862430580260b86a01609"
1717
},
1818
{
1919
"package": "Framework",
20-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.13/roundcube-framework-1.6.13.tar.gz",
20+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.6.14/roundcube-framework-1.6.14.tar.gz",
2121
"size": "1.1 MB",
22-
"checksum": "61a92c3152293f0e8401406e855a57ad8bea5b3f4b647565babe42658bbcddf8"
22+
"checksum": "e35134263899c36ea9e981a9f9a5b6561dbcf59450f487dbca5196ffecb229b5"
2323
}
2424
]
2525
},
@@ -33,34 +33,34 @@
3333
"name": "LTS versions",
3434
"sources": [
3535
{
36-
"package": "1.5.13 - Complete",
37-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.5.13/roundcubemail-1.5.13-complete.tar.gz",
36+
"package": "1.5.14 - Complete",
37+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.5.14/roundcubemail-1.5.14-complete.tar.gz",
3838
"size": "7.2 MB",
39-
"checksum": "37a8309882d782fa0b39d0f6e1efaa443b96e720e9e2c51106fb230926cca2f9"
39+
"checksum": "c12dc9179c3ad6d3b3c4e7af080aef887cf9e4e6fb13b628343d135fcc8263a1"
4040
}
4141
]
4242
},
4343
"beta": {
4444
"name": "Release candidate",
45-
"version": "1.7-rc4",
45+
"version": "1.7-rc5",
4646
"sources": [
4747
{
4848
"package": "Dependent",
49-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc4/roundcubemail-1.7-rc4.tar.gz",
49+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc5/roundcubemail-1.7-rc5.tar.gz",
5050
"size": "4.0 MB",
51-
"checksum": "bf148cfd31195fec70e3f285221128a14ace619c61155c6c6f88d0d75edaf776"
51+
"checksum": "33139a02828982b3359b73668ddcfb9b81e99a03b1864c94a14373770fe086c9"
5252
},
5353
{
5454
"package": "Complete",
55-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc4/roundcubemail-1.7-rc4-complete.tar.gz",
55+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc5/roundcubemail-1.7-rc5-complete.tar.gz",
5656
"size": "6.1 MB",
57-
"checksum": "a2a5aa6e0be3a7ab2290f193f233560dd3ef183bd3cd52de415a7b7ac9b6cb1e"
57+
"checksum": "2062e74731568f44e026d532794a53633ea85bd6b45a78e341fed9b33cda3590"
5858
},
5959
{
6060
"package": "Framework",
61-
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc4/roundcube-framework-1.7-rc4.tar.gz",
61+
"url": "https://github.com/roundcube/roundcubemail/releases/download/1.7-rc5/roundcube-framework-1.7-rc5.tar.gz",
6262
"size": "1.1 MB",
63-
"checksum": "9ee4f4d3ce39a72de9dc23aee57fe4579b9c20e37b1b8899df73340f49335697"
63+
"checksum": "1192b7618fa9b63f340103a50c9828676f8ccc32ff72eefdc5328123fdf37512"
6464
}
6565
]
6666
}

_posts/2026-03-18-security-updates-1.7-rc5-1.6.14-1.5.16.md

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
---
2+
layout: article
3+
title: Security updates 1.7-rc5, 1.6.14 and 1.5.13 released
4+
tags: releases updates security
5+
---
6+
7+
We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail, as well as a release candidate for coming 1.7.
8+
They contain fixes for recently reported set of security vulnerabilities.
9+
10+
## Security fixes
11+
12+
- Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us.
13+
- Fix bug where a password could get changed without providing the old password, reported by flydragon777.
14+
- Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security Research Team.
15+
- Fix remote image blocking bypass via various SVG animate attributes, reported by nullcathedral.
16+
- Fix remote image blocking bypass via a crafted body background attribute, reported by nullcathedral.
17+
- Fix fixed position mitigation bypass via use of !important, reported by nullcathedral.
18+
- Fix XSS issue in a HTML attachment preview, reported by aikido_security.
19+
- Fix SSRF + Information Disclosure via stylesheet links to a local network hosts, reported by Georgios Tsimpidas (aka Frey), Security Researcher at https://i0.rs/.
20+
21+
See the full changelogs in the release notes on the Github download pages for the updated versions
22+
23+
- [1.7-rc5](https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5)
24+
- [1.6.14](https://github.com/roundcube/roundcubemail/releases/tag/1.6.14)
25+
- [1.5.14](https://github.com/roundcube/roundcubemail/releases/tag/1.5.14).
26+
27+
We strongly recommend to update your productive installations of Roundcube with this new versions.

0 commit comments

Comments
 (0)