Solved Roundcube Security Update 1.4.11
necrevistonnezr last edited by
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits for this finding go to Mateusz Szymaniec (CERT Polska).
This version is considered stable and we recommend to update all productive installations of Roundcube with it.
Please do backup your data before updating!
- Display a nice error informing about no PHP8 support
- Elastic: Fix compatibility with Less v3 and v4 (#7813)
- Fix bug with managesieve_domains in Settings > Forwarding form (#7849)
- Fix errors in MSSQL database update scripts (#7853)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Thanks for the heads up, pushed an update now. Updated PHP to 7.4 in the process.