Roundcube big security issue.

My production versions where I found this issue initially were

AlmaLinux release 8.8
CWPpro version: 0.9.8.1160

Current versions
Distro Name: AlmaLinux release 8.9 (Midnight Oncilla)
CWPpro version: 0.9.8.1174

I will apply update on one of these server, let's see if the issue is fixed or not.

Let us know.

I'm testing on AL 8.9 with CWPpro 0.9.8.1174

@Vinayak If you haven't updated your AlmaLinux servers in awhile, you had mentioned 8.8.

You will need to install the new AlmaLinux GPG Keys first: https://almalinux.org/blog/2023-12-20-almalinux-8-key-update/

As I mentioned in my previous post, on my production servers AlmaLinux is updated to release 8.9 (Midnight Oncilla)
 & CWPpro version to 0.9.8.1174. I update my servers on regular basis.

For AlmaLinux GPG Keys, below is the result of command "rpm -q gpg-pubkey-ced7258b-6525146f"

gpg-pubkey-ced7258b-6525146f

This shows latest GPG Keys are installed & trusted.

As I am still trying to fix this, I am wondering whether cwpsrv/nginx is blocking access to these log and other crucial files or not.

Any idea where to check the configuration/directives for cwpsrv/nginx to make sure on this issue?

Or some other mechanism is in use to secure such files and path?