26 December 2015 - Updates 1.1.4 and 1.0.8 released

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes, one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab. A second security improvement adds some measures against brute-force attacks. See the full changelog here.

Both versions are considered stable and we recommend updating all productive installations of Roundcube with either of these versions. Download them from roundcube.net/download.

If you prefer to patch your installation for the path traversal vulnerability only, you can find patches on our download mirrors for versions 1.0 and 1.1.

As usual, don’t forget to back up your data before updating!

commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date:   Thu Jan 14 13:45:54 2016 -0500

    mail-client/roundcube: Version Bump

    Version bump fixes bug 570834 and addresses multiple security bugs.

    Bug: 570834,564476,570336
    Package-Manager: portage-2.2.20.1