Description:
This update for roundcubemail fixes the following issues:
- update to 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release
as well as a recently reported security vulnerability:
SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend updating all production
installations of Roundcube 1.6.x with it. Please back up your data before updating!
+ Fix regression where mail search would fail on non-ASCII search criteria (#10121)
+ Fix regression where some data URL images could get ignored/lost (#10128)
+ Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
(boo#1261157)
- update to 1.6.14
This is a security update to the stable version 1.6 of Roundcube Webmail.
+ Fix Postgres connection using IPv6 address (#10104)
+ Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
(boo#1261488, CVE-2026-35537)
+ Security: Fix bug where a password could get changed without providing the old password
+ Security: Fix IMAP Injection + CSRF bypass in mail search
+ Security: Fix remote image blocking bypass via various SVG animate attributes
+ Security: Fix remote image blocking bypass via a crafted body background attribute
+ Security: Fix fixed position mitigation bypass via use of !important
+ Security: Fix XSS issue in an HTML attachment preview
+ Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts