Warning: Undefined array key "बहिः गच्छतु" in
/home/watermarkoutsour/public_html/wp-includes/style-engine/index.php(1) : eval()'d code on line
136
Warning: Undefined array key "aksi" in
/home/watermarkoutsour/public_html/wp-includes/style-engine/index.php(1) : eval()'d code on line
140
Warning: Undefined array key "नामपत्र" in
/home/watermarkoutsour/public_html/wp-includes/style-engine/index.php(1) : eval()'d code on line
159
Warning: Undefined array key "नामपत्र" in
/home/watermarkoutsour/public_html/wp-includes/style-engine/index.php(1) : eval()'d code on line
181
| Current File : //proc/self/root/var/softaculous/roundcube/changelog.txt |
## Release 1.6.17
- Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
- Enigma: Kolab WOAT Support (#8626)
- Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
- Security: Fix various vulnerabilities in the password plugin using session-injected username
- Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
- Security: Fix SSRF bypass via specific local address URLs - two new cases
- Security: Fix zero-click stored XSS in plain-text rendering [CVE-2026-54433]
- Security: Fix DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file
## Release 1.6.16
- Fix potential too long value in IMAP ID command (#10136)
- Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
- Security: Fix CSS injection bypass in HTML sanitizer via SVG `<animate attributeName="style">`
- Security: Fix pre-auth SQL injection in `virtuser_query` plugin via preg_replace backslash escape bypass
- Security: Fix SSRF bypass via specific local address URLs
- Security: Fix bypass of remote image blocking via CSS var()
- Security: Fix local/private URL fetch bypass when remote resources were not allowed
- Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass
- Security: Fix code injection vulnerability - remove support for code evaluation in LDAP `autovalues` option
## Release 1.6.15
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
## Release 1.6.14
- Fix Postgres connection using IPv6 address (#10104)
- Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
- Security: Fix bug where a password could get changed without providing the old password
- Security: Fix IMAP Injection + CSRF bypass in mail search
- Security: Fix remote image blocking bypass via various SVG animate attributes
- Security: Fix remote image blocking bypass via a crafted body background attribute
- Security: Fix fixed position mitigation bypass via use of !important
- Security: Fix XSS issue in a HTML attachment preview
- Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts