- Plesk Onyx for Linux
- Plesk Onyx for Windows
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's file system, including configuration files, as exploited in the wild in November 2017.
Call to Action
Roundcube was updated from version 1.2.5 to 1.2.7 in Plesk Onyx:
Install the latest Plesk updates as soon as possible.
Note: Roundcube may not work after the update. Refer to Roundcube is unable to send attachments in emails after the latest update for a workaround.