Der beliebte kostenlose Webmail, Roundcube, erhielt for ein paar Tagen, in den Zweigen 1.3 und 1.4, zwei wichtige Security Updates. Das Update 1.4.12 behebt zudem 9 Fehler.
Roundcube 1.4.12 und 1.3.17 Release Notes
- Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193)
- Fix SQL injection via some session variables
Roundcube 1.4.12 Bugfixes
- Enigma: Fix bug where signature verification could fail for non-ascii bodies (#7919)
- Fix bug where contacts search didn’t work with addressbook_search_mods set to an empty array (#7974)
- Fix bug causing some HTML message content to be not centered in Elastic skin (#7911)
- Fix bug where consecutive LDAP searches could return wrong results (#8064)
- Fix bug where plus characters in attachment filename could have been ignored (#8074)
- Fix displaying HTML body with inline images encapsulated using TNEF format (winmail.dat)
- Fix handling of custom sender addresses with names (#8106)
- Fix shift + drag’n’drop menu not working in Elastic skin with Chrome browser (#8107)
- Fix Firefox infinite loading display on mail screen (#8128)
Quelle: Security updates 1.4.12 and 1.3.17 released (roundcube.net)