Free and open source webmail software for the masses, written in PHP

Roundcube Webmail
Report    Share

Browse by Company

Adobe, Apowersoft, Ashampoo, Autodesk, Avast, Corel, Cyberlink, Google, iMyFone, iTop, Movavi, PassFab, Passper, Stardock, Tenorshare, Wargaming, Wondershare

Roundcube Webmail 1.6.16

  -  5.6 MB  -  Open Source
Free Download

Safe & Secure

Sometimes latest versions of the software can cause issues when installed on older devices or devices running an older version of the operating system.

Software makers usually fix these issues but it can take them some time. What you can do in the meantime is to download and install an older version of Roundcube Webmail 1.6.16.


For those interested in downloading the most recent release of Roundcube Webmail or reading our review, simply click here.


All old versions distributed on our website are completely virus-free and available for download at no cost.


We would love to hear from you

If you have any questions or ideas that you want to share with us - head over to our Contact page and let us know. We value your feedback!

Download Roundcube Webmail 1.6.16
Why is this app published on FileHorse? (More info)

  • Roundcube Webmail 1.6.16 Screenshots

    The images below have been resized. Click on them to view the screenshots in full size.

    Roundcube Webmail 1.6.16 Screenshot 1
  • Roundcube Webmail 1.6.16 Screenshot 2
  • Roundcube Webmail 1.6.16 Screenshot 3
  • Roundcube Webmail 1.6.16 Screenshot 4
  • Roundcube Webmail 1.6.16 Screenshot 5

What's new in this version:

Fixed:
- Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog, reported by zazy
- Fix CSS injection bypass in HTML sanitizer via SVG <animate attributeName="style">, reported by wooseokdotkim
- Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass, reported by skull
- Fix SSRF bypass via specific local address URLs
- Fix local/private URL fetch bypass when remote resources were not allowed, reported by Orange Cyberdefense Vulnerability Disclosure Team
- Fix bypass of remote image blocking via CSS var(), reported by Geame
- Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass, reported by valent1
- Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option, reported by Glendaenri

Changed:
- Fix potential too long value in IMAP ID command
- Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
- Security: Fix CSS injection bypass in HTML sanitizer via SVG <animate attributeName="style">
- Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass
- Security: Fix SSRF bypass via specific local address URLs
- Security: Fix bypass of remote image blocking via CSS var()
- Security: Fix local/private URL fetch bypass when remote resources were not allowed
- Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass
- Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option

Top Downloads

More Popular Software »