Applicable to:
- Plesk Onyx for Linux
- Plesk Onyx for Windows
Situation
Roundcube issued a vulnerability alert on 11-09-2017: CVE-2017-16651
Impact
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's file system, including configuration files, as exploited in the wild in November 2017.
Call to Action
Roundcube was updated from version 1.2.5 to 1.2.7 in Plesk Onyx:
Install the latest Plesk updates as soon as possible.
Note: Roundcube may not work after the update. Refer to Roundcube is unable to send attachments in emails after the latest update for a workaround.
Comments
5 comments
Fixes for Plesk Onyx are available: https://docs.plesk.com/release-notes/onyx/change-log/#1753-mu29
Great, now we cannot add attachments to emails in Roundcube. Nice fix...
@Robin, Hi!
This issue has already been fixed in Plesk 17.5 update #30 and Plesk 17.0 update #41 which are already available for installation.
@Bulat Yeah, I noticed later... After I updated all of our shared servers...
Though there is no changelog yet for update 30 here https://docs.plesk.com/release-notes/onyx/change-log/
@Robin
That is correct, the changelog has not been updated yet. It is going to be updated at the nearest time.
Please sign in to leave a comment.