A few days ago the Roundcube developers released two new versions of the program (1.4.8 and 1.3.15) that contain a number of general improvements and, most importantly, fix two recently reported cross-site scripting (XSS) vulnerabilities:
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
Our skins and plugins are fully compatible with these Roundcube upgrades, so if you're using the latest version of our software you can safely install Roundcube 1.4.8 or 1.3.15 to keep your server safe.