SOLVED CPANEL-35335 - Roundcube XSS vulnerability. Information about update in WHM/cPanel installation

[MindServer]

Hi,

Roundcube Webmail have a critical XSS vulnerability: Security updates 1.4.10, 1.3.16 and 1.2.13 released

Is patched in version 1.4.10, but when I check my WHM/cPanel I found that still have Roundcube 1.4.8-2, I checked him with this command: cat /var/cpanel/roundcube/version

We need do anything for update Roundcube Webmail and patch this security bug?, or you will add the new update soon?.

Thank you very much. Have a nice day.

 

[cPRex]

Hey hey! Since that just came out on December 27, we haven't got to that on our end. Once it's available your server will automatically update to the latest version.

 

[cPRex]

I did check with our devs and it looks like we're already on this through case CPANEL-35335. I'm monitoring that now and I'll keep this thread updated with more details as I get them :D

 

[MindServer]

Perfect, thank you very much.

Have a nice day!

 

[cPRex]

Just providing on update on this issue - we've got the fix applied and it will be included in cPanel version 92.0.7 :D

 

[MindServer]

Just providing on update on this issue - we've got the fix applied and it will be included in cPanel version 92.0.7 :D

Perfect, thank you!

 

[cPRex]

You're welcome!!!