Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN348
_____________________________________________________________________

DATE                : 01/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Roundcube versions prior
                            to 1.7-rc6, 1.6.15, 1.5.15.

=====================================================================
https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
_____________________________________________________________________

Security updates 1.7-rc6, 1.6.15 and 1.5.15 released

Published: 29 March 2026

    Tags: releases updates security 

We just published security updates to the 1.6 and 1.5 LTS versions of
Roundcube Webmail, as well as a release candidate for coming 1.7.
They contain fixes for recently reported set of security
vulnerabilities.


Security fixes

    SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via
fill/filter/stroke, reported by class_nzm.

See the full changelogs in the release notes on the Github download
pages for the updated versions

    1.7-rc6
    1.6.15
    1.5.15.

We strongly recommend to update your productive installations of
Roundcube with this new versions.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================