26 December 2015 - Updates 1.1.4 and 1.0.8 released
We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab.
A second security improvement adds some measures against brute-force attacks. See the full changelog here.
Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from roundcube.net/download.
If you prefer to patch your installation for the path traversal vulnerability only, you can find patches on our download mirrors for versions 1.0, and 1.1.
As usual, don’t forget to backup your data before updating!
Author: Aaron W. Swenson <firstname.lastname@example.org>
Date: Thu Jan 14 13:45:54 2016 -0500
mail-client/roundcube: Version Bump
Version bump fixes bug 570834 and addresses multiple security bugs.