ScottPeterJohnson/purelymail-issues

Security upgrade - Roundcube 1.6.5 to 1.6.7

Closed this issue · 3 comments

At time of writing, inbox.purelymail.com deploys Roundcube 1.6.5.
Request upgrade to 1.6.7 in response to the following vulnerabilities.

https://www.cve.org/CVERecord?id=CVE-2024-37383
https://www.cve.org/CVERecord?id=CVE-2024-37384
https://www.cve.org/CVERecord?id=CVE-2024-37385

Request priority escalation.

Is there any chance that this can be reviewed?

@vintnes Now at 1.6.7.

Thanks @electryx.

Created separate issue #239 pertaining to 1.6.7 vulnerabilities.
Not sure if appropriate; please advise.