We’re pleased to announce an update is available for the roundcubemail packages, version 1.1.12
This is a security and bugfix release for Kolab Enterprise 14, available for CentOS 6, CentOS 7, Debian 7, Debian 8, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
The following issues are fixed;
- Don’t ignore (global) userlogins/sendmail logs in per_user_logging mode
- Fix security issue in remote content blocking on HTML image and style tags (#6178)
- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
- Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
- Fix file disclosure vulnerability caused by insufficient input validation (#6026)