Roundcube 1.1.5 released - security fixes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
Here is the chanelog:
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
I think more important changes related to security are:
- - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
- - Fix XSS issue in SVG images handling (#4949)
- - Fix (again) security issue in DBMail driver of password plugin
(CVE-2015-2181) (#4958)
- - Protect download urls against CSRF using unique request tokens (#4957)
Should we backport some of them to 1.1.4 or, since roundcube is not
official on stable version, can we also upgrade it to 1.1.5?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXGHx5AAoJEBQTENjj7QilORYP/A9RijZPvwer2E4mpe3TQAzF
uBs1JfP06120AC+TteYFnJSP+JOtnK9zm2y5q7QO7Ncq6YgPUZkdPsl5NWKG0LWm
tZIUKHru+xGbdZQOrRvjXpd2IrzLgCOLF6jw6vieXdU/C6cVAPjNwYB0mVMFzEkd
Ze5XH2QK49gDGx+ttir5pzHySMYtQct1RsCsPudyn5mfCNrEOi2QMsaOu4Xj3ygT
CVdh+MIaOH9vdlLUKnprCsx0XxxCyCrKB2VSc1Bug5UHCa4lvukJaMSwGihbLbGr
2gNguCfacsniHj8GKlzapooHxOert+nuK9JWJWpxxuud2GXQrG+geFxmSbGBawaV
FU+MynXBwml4QWpuqZ7wisWCWaUDRsU61b5WJrtSzR5AmKiuf9doT/d1Qfjpp6/N
kZzcDNUnojO8pWfmB3dV9pj9rEsEMPpeWcYrERJ6ow9+k2tjwn7BSRe6o+PHwpxa
4outyJfb6SbHSjVFEfhrRKuUqu+iZFEGj/X+NkeeBrQZks8sBTzhxhc23AVWT1vi
BLmgJQHcBseYkMchd1eCMxg/RySk+T/PUt6lt0VLc2EIkI9cvpvAtVqUClXWNsP+
cI36m2yp72G0BOkzVSq4r26posSsjyAcJN/B4+G+CpQj9Es3Ij/1GHJaiovWYmO9
7PVahS3tkHMqGw2P5flP
=l0ie
-----END PGP SIGNATURE-----
Reply to: