It's already set to use PHP7.1, funny so.
One day I'll take a better look at it, thanks.

phpMyAdmin 4.7.4 SQL injection vulnerability
- major
- Thread is marked as Resolved.
-
-
29 Oct 2020
PHP 7.4.12 Released!
The PHP development team announces the immediate availability of PHP 7.4.12. This is a bug fix release.
All PHP 7.4 users are encouraged to upgrade to this version.
For source downloads of PHP 7.4.12 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
29 Oct 2020
PHP 8.0.0 Release Candidate 3 available for testing
The PHP team is pleased to announce the tenth testing release of PHP 8.0.0, Release Candidate 3.
At this time, we're not planning to adjust the GA date, however this may change during the course of the RC cycle. The updated release schedule can, as always, be found on the PHP Wiki page about the PHP 8.0.
For source downloads of PHP 8.0.0 Release Candidate 3 please visit the download page.
Please carefully test this version and report any issues found in the bug reporting system.
Please DO NOT use this version in production, it is an early test version.
For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.
The next release will be the Release Candidate 4, planned for Nov 12 2020.
The signatures for the release can be found in the manifest or on the QA site.
Thank you for helping us make PHP better.
29 Oct 2020
PHP 7.3.24 Released!
The PHP development team announces the immediate availability of PHP 7.3.24. This is a bug fix release.
All PHP 7.3 users are encouraged to upgrade to this version.
For source downloads of PHP 7.3.24 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
-
-
Security updates 1.4.10, 1.3.16 and 1.2.13 released
27 December 2020
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability. The 1.4.10 release also contains a few general improvements from our issue tracker.
Security fix
- Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content
Credits for this finding go to Alex Birnberg.
See the full changelogs in the release notes on the Github download pages for the updated versions 1.4.10, 1.3.16 and 1.2.13.
We strongly recommend to update all productive installations of Roundcube with these new versions.