home_aeneas_jaissle_maintenance_roundcubemail_1.0.x moderate openSUSE 13.1 Ports roundcubemail was updated to version 1.0.7 to fix many minor bugs and a security issue. The security-related fix in particular is: - Fix XSS issue in drag-n-drop file uploads This update also contains a fix to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). The package comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. roundcubemail-1.0.6-2.24.1.noarch.rpm roundcubemail-1.0.6-2.24.1.src.rpm