=====================================================================
                             CERT-Renater

                 Information Note No. 2023/VULN345
_____________________________________________________________________

DATE                 : 26/09/2023

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Roundcube Webmail versions
                       prior to 1.6.3, 1.5.4, 1.4.14.

=====================================================================
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
https://roundcube.net/news/2023/09/18/security-update-1.5.4-released
https://roundcube.net/news/2023/09/18/security-update-1.4.14-released
_____________________________________________________________________

Security update 1.6.3 released

Published: 15 September 2023
Tags: releases updates security

We just published a security update to the version 1.6 of Roundcube
Webmail. It provides a fix to a recently reported XSS vulnerability:

    Fix cross-site scripting (XSS) vulnerability in handling of
    linkrefs in plain text messages, reported by Niraj Shivtarkar.

See the full changelog in the release notes on the GitHub download
page.

We strongly recommend to update all productive installations of
Roundcube 1.6.x with this new version.

_____________________________________________________________________

Security update 1.5.4 released

Published: 18 September 2023
Tags: releases updates security

We just published a security update to the LTS version 1.5 of
Roundcube Webmail. It provides a fix to a recently reported XSS
vulnerability:

    Cross-site scripting (XSS) vulnerability in handling of linkrefs
    in plain text messages, reported by Niraj Shivtarkar.

See the full changelog in the release notes on the GitHub download
page.

We strongly recommend to update all productive installations of
Roundcube 1.5.x with this new version.

_____________________________________________________________________

Security update 1.4.14 released

Published: 18 September 2023
Tags: releases updates security

We just published a security update to the LTS version 1.4 of
Roundcube Webmail. It provides a fix to a recently reported XSS
vulnerability:

    Cross-site scripting (XSS) vulnerability in handling of linkrefs
    in plain text messages, reported by Niraj Shivtarkar.

See the full changelog in the release notes on the GitHub download
page.

We strongly recommend to update all productive installations of
Roundcube 1.4.x with this new version.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================