Dear all,
Roundcube team "just published updates to all stable versions from 1.1.x onwards
delivering fixes for a recently discovered file disclosure vulnerability in Roundcube
Webmail.”
"Apparently this zero-day exploit is already being used by hackers to
read Roundcube’s configuration files. It requires a valid username/password
as the exploit only works with a valid session.”
For more details, please read full announcement below:
http://lists.roundcube.net/pipermail/users/2017-November/011736.html
Please upgrade your Roundcube installation as soon as possible.
----
Zhang Huangbin, founder of iRedMail project:
http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram:
https://t.me/iredmail