Roundcube 1.4.4 released

unihostbrasil

Verified User
Joined
Nov 23, 2009
Messages
171
Location
São Paulo - Brazil
This is a service and security update to the stable version 1.4 of Roundcube Webmail.
It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. See the full changelog below.

Security fixes

  • Cross-Site Scripting (XSS) via malicious HTML content
  • CSRF attack can cause an authenticated user to be logged out
  • Remote code execution via crafted config options
  • Path traversal vulnerability allowing local file inclusion via crafted 'plugins' option

The latter two vulnerabilities are classified minor because they only affect Roundcube installations with public access to the Roundcube installer. That's generally a high-risk situation and is expected to be rare or practically non-existent in productive Roundcube deployments. However, the fixes are done in core in order to also prevent from future and yet unknown attack vectors.

Changelog: https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,442
Location
Murfreesboro
This is already in CB. My system has 1.4.4

Latest version of RoundCube webmail: 1.4.4
Installed version of RoundCube webmail: 1.4.4
 
Top