Explore top 10 tips to secure your open-source projects now. Read More
×
This update for roundcubemail fixes the following issues:
Changes to roundcubemail:
Update to 1.6.13:
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
+ Fix CSS injection vulnerability reported by CERT Polska (boo#1258052,
CVE-2026-26079).
+ Fix remote image blocking bypass via SVG content reported by nullcathedral
(boo#1257909, CVE-2026-25916).
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data
before updating!
CHANGELOG
+ Managesieve: Fix handling of string-list format values for date
tests in Out of Office (#10075)
+ Fix CSS injection vulnerability reported by CERT Polska.
+ Fix remote image blocking bypass via SVG content reported by nullcathedral.
Update to 1.6.12:
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides...
Read the Full Advisory- openSUSE Leap 16.0:
roundcubemail-1.6.13-bp160.1.1
* bsc#1255306
* bsc#1255308
* bsc#1257909
* bsc#1258052
References:
* https://www.suse.com/security/cve/CVE-2025-68460.html
* https://www.suse.com/security/cve/CVE-2025-68461.html
* https://www.suse.com/security/cve/CVE-2026-25916.html
* https://www.suse.com/security/cve/CVE-2026-26079.html
Get the latest Linux and open source security news straight to your inbox.