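- Release date: 2023-11-05
- Detection time: 2023-11-05
- Vulnerability type: Security update
- Risk level: Unknown
- Updated version: 1.6.5
- Intelligence contributor: TSRC

Security update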
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

- Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

## CHANGELOG

- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
- Fix PHP warnings (#9174)
- Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
- Fix bug where images attached to application/smil messages weren't displayed (#8870)
- Fix PHP string replacement error in utils/error.php (#9185)
- Fix regression where `smtp_user` did not allow pre/post strings before/after `%u` placeholder (#9162)
- Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
https://github.com/roundcube/roundcubemail/releases/tag/1.6.5