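- Release date: 2023-09-15
- Detection time: 2023-09-15
- Vulnerability type: Security update
- Risk level: Unknown
- Updated version: 1.6.3
- Intelligence contributor: TSRC
Security update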
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

- Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

## CHANGELOG

- Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
- Update jQuery-UI to version 1.13.2 (#9041)
- Fix regression that broke use_secure_urls feature (#9052)
- Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
- Fix bug where a duplicate `<title>` tag in HTML email could cause some parts being cut off (#9029)
- Fix bug where a list of folders could have been sorted incorrectly (#9057)
- Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
- Fix wrong order of a multi-folder search result when sorting by size (#9065)
- Fix so install/update scripts do not require PEAR (#9037)
- Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
- Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
- Fix PHP8 deprecation warning in the reconnect plugin (#9083)
- Fix "Show source" on mobile with x_frame_options = deny (#9084)
- Fix various PHP warnings (#9098)
- Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
- Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
https://github.com/roundcube/roundcubemail/releases/tag/1.6.3