Fedora 44 Roundcubemail Critical SQL Injection XSS Vuln 2026-2b956d89d3

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Release 1.7.1 Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314) Managesieve: Fix error when a mail message contains duplicate List-Id header (#10186) Clarified Elastic installation instructions (#10163) Added HTMLFormElement.requestSubmit() polyfill for older browsers (#10179) Fix so "has:attachment" search uses $HasAttachment/$HasNoAttachment keywords (#10168) Fix potential too long value in IMAP ID command (#10136) Fix redis/memcache disconnection in rcube::sleep() (#10127) Fix so static resources, e.g. skin_logo can be put inside the public_html directory (#10160) Fix so REQUEST_URI is used as a fallback if PATH_INFO is not set in static.php (#10181) Fix assets_path feature and remove dependency on PATH_INFO (#10185) Fix MySQL upgrade on MySQL 8.0 and MariaDB 10.5.3 (#10188) Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog Security: Fix CSS injection bypass in HTML sanitizer via SVG Se...