Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN852
_____________________________________________________________________

DATE                : 15/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Roundcube Webmail versions prior
                                   to 1.6.12, 1.5.12.

=====================================================================
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
_____________________________________________________________________

Security updates 1.6.12 and 1.5.12 released

Published: 13 December 2025

    Tags: releases updates security 

We just published security updates to the 1.6 and 1.5 LTS versions
of Roundcube Webmail. They both contain fixes for recently reported
two security vulnerabilities.
Security fixes

    Fix Cross-Site-Scripting vulnerability via SVG’s animate tag
reported by Valentin T., CrowdStrike.

    Fix Information Disclosure vulnerability in the HTML style
sanitizer reported by somerandomdev.

See the full changelogs in the release notes on the Github download
pages for the updated versions 1.6.12 and 1.5.12.

We strongly recommend to update all productive installations of
Roundcube 1.6.x and 1.5.x with this new versions.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================