File Manager

X7ROOT File Manager

Current Path: /var/softaculous/roundcube

?? ..
?? changelog.txt(1.97 KB)
?? clone.php(3.41 KB)
?? config.inc.php(3.9 KB)
?? fileindex.php(203 B)
?? images
?? import.php(3.29 KB)
?? info.xml(2.94 KB)
?? install.js(1.25 KB)
?? install.php(6.57 KB)
?? install.xml(3.73 KB)
?? md5(1021 B)
?? notes.txt(1.23 KB)
?? php53
?? php56
?? php71
?? php81
?? php82
?? remove.php(3.12 KB)
?? roundcube.sql(14.88 KB)
?? roundcube.zip(11.38 MB)
?? upgrade.php(7.06 KB)
?? upgrade.xml(341 B)

Editing: changelog.txt

## Release 1.6.16

- Fix potential too long value in IMAP ID command (#10136)
- Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
- Security: Fix CSS injection bypass in HTML sanitizer via SVG `<animate attributeName="style">`
- Security: Fix pre-auth SQL injection in `virtuser_query` plugin via preg_replace backslash escape bypass
- Security: Fix SSRF bypass via specific local address URLs
- Security: Fix bypass of remote image blocking via CSS var()
- Security: Fix local/private URL fetch bypass when remote resources were not allowed
- Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass
- Security: Fix code injection vulnerability - remove support for code evaluation in LDAP `autovalues` option

## Release 1.6.15

- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

## Release 1.6.14

- Fix Postgres connection using IPv6 address (#10104)
- Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
- Security: Fix bug where a password could get changed without providing the old password
- Security: Fix IMAP Injection + CSRF bypass in mail search
- Security: Fix remote image blocking bypass via various SVG animate attributes
- Security: Fix remote image blocking bypass via a crafted body background attribute
- Security: Fix fixed position mitigation bypass via use of !important
- Security: Fix XSS issue in a HTML attachment preview
- Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts

## Release 1.6.13

- Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
- Fix remote image blocking bypass via SVG content reported by nullcathedral
- Fix CSS injection vulnerability reported by CERT Polska

X7ROOT File Manager

Editing: changelog.txt

Upload File

Create Folder