Topic: Zero day vulnerability found in Roundcubemail-0.8.5 and older releases
There's a zero day vulnerability found in Roundcubemail-0.8.5 and older releases, please upgrade your running Roundcube webmail to the latest roundcubemail-0.8.6 immediately. Here's upgrade tutorial:
http://iredmail.org/wiki/index.php?titl … be.Webmail
About the zero day vulnerability, please refer to this thread:
http://lists.roundcube.net/pipermail/de … 22328.html
P.S. I re-packed iRedMail-0.8.4 with roundcubemail-0.8.6, so if you're going to setup a new iRedMail server, you don't need to worry about this vulnerability.