Hackers target Roundcube (update #3)
Update Oct. 27, 4:40 p.m.: All hosting environment have been patched. That’s nice going into the weekend!
Update Oct. 27, 2 p.m.: The patches for Roundcube are available and are currently being rolled out on all hosting environments. We expect the installation of the patch to be completed by 4 p.m.
Update Oct. 26, 3:37 p.m.: We are currently waiting on our vendor for a patch. As soon as the patch is available we will install it.
A team of hackers named Winter Vivern exploited a previously unknown vulnerability in the widely used webmail software Roundcube, researchers from the security firm ESET said on Wednesday.
We are currently in discussions both internally and with our suppliers about the steps to take and options for fixing the leak in Roundcube.
It is possible to temporarily use an alternative application for webmail. This is a change made per domain name, not per user. To change the webmail application to SOGo follow this guide.