diff --git a/CHANGELOG b/CHANGELOG
index 8d0294497..1b5572a37 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -21,6 +21,7 @@ CHANGELOG Roundcube Webmail
 - Fix/remove useless keyup event handler on username input in logon form (#6970)
 - Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077)
 - Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088)
+- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
 
 RELEASE 1.4.1
 -------------
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index 2000d5a03..e75e94c58 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -687,6 +687,7 @@ class rcube_utils
 if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) {
 if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 foreach (array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) {
+ $forwarded_ip = trim($forwarded_ip);
 if (!in_array($forwarded_ip, $proxy_whitelist)) {
 return $forwarded_ip;
 }
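Review bot: The value returned from the loop in rcube_utils.php is still whatever string the header carried: after the added `trim()`, an empty or malformed element (for example one left by a trailing comma) is not in `$proxy_whitelist` and is returned as the client address. Entries to the left of the trusted proxies are client-supplied, so I would validate before the whitelist test, e.g. `if (filter_var($forwarded_ip, FILTER_VALIDATE_IP) === false) { break; }`, so that a bad entry ends the walk instead of being handed to callers that may log it or compare it. Both `in_array()` calls would also be safer with the third argument `true`, and the whitelist match is a plain string comparison, so differently written forms of the same address will presumably not match. The enclosing method starts and ends outside the hunk, so what runs after the loop is not visible here.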