-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Here is the chanelog: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 I think more important changes related to security are: - - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) - - Fix XSS issue in SVG images handling (#4949) - - Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) (#4958) - - Protect download urls against CSRF using unique request tokens (#4957) Should we backport some of them to 1.1.4 or, since roundcube is not official on stable version, can we also upgrade it to 1.1.5? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXGHx5AAoJEBQTENjj7QilORYP/A9RijZPvwer2E4mpe3TQAzF uBs1JfP06120AC+TteYFnJSP+JOtnK9zm2y5q7QO7Ncq6YgPUZkdPsl5NWKG0LWm tZIUKHru+xGbdZQOrRvjXpd2IrzLgCOLF6jw6vieXdU/C6cVAPjNwYB0mVMFzEkd Ze5XH2QK49gDGx+ttir5pzHySMYtQct1RsCsPudyn5mfCNrEOi2QMsaOu4Xj3ygT CVdh+MIaOH9vdlLUKnprCsx0XxxCyCrKB2VSc1Bug5UHCa4lvukJaMSwGihbLbGr 2gNguCfacsniHj8GKlzapooHxOert+nuK9JWJWpxxuud2GXQrG+geFxmSbGBawaV FU+MynXBwml4QWpuqZ7wisWCWaUDRsU61b5WJrtSzR5AmKiuf9doT/d1Qfjpp6/N kZzcDNUnojO8pWfmB3dV9pj9rEsEMPpeWcYrERJ6ow9+k2tjwn7BSRe6o+PHwpxa 4outyJfb6SbHSjVFEfhrRKuUqu+iZFEGj/X+NkeeBrQZks8sBTzhxhc23AVWT1vi BLmgJQHcBseYkMchd1eCMxg/RySk+T/PUt6lt0VLc2EIkI9cvpvAtVqUClXWNsP+ cI36m2yp72G0BOkzVSq4r26posSsjyAcJN/B4+G+CpQj9Es3Ij/1GHJaiovWYmO9 7PVahS3tkHMqGw2P5flP =l0ie -----END PGP SIGNATURE-----
