The Roundcube Webmail suite
GPL-3.0 License
This is the next service release to update the stable version 1.6.
It provides a bunch of small fixes and improvements after getting your feedback from the previous releases. See the full changelog below.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
Published by alecpl 12 months ago
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
Published by alecpl 12 months ago
This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.4 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.4.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (https://github.com/roundcube/roundcubemail/issues/9168) reported separately by Matthieu Faou (ESET) and Denys Klymenko.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.4 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.4.x with it. Please do backup your data before updating!
Published by alecpl about 1 year ago
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
<title> tag in HTML email could cause some parts being cut off (#9029)
Published by alecpl over 1 year ago
This is the second service release to update the stable version 1.6.
It provides a bunch of small fixes and improvements after getting your feedback from the previous releases. See the full changelog below.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
Attention when upgrading Roundcube using the complete package!
The installto.sh script does not update the vendor folder of the installation target.
If you're not using Composer to install plugins or other dependencies, please remove the composer.json file of your Roundcube installation before running the installto.sh script.
If you have Composer installed, run composer update --no-dev to complete the upgrade.
Published by thomascube over 1 year ago
This is the first service release to update the new stable version 1.6.
It provides a bunch of small fixes and improvements after getting your feedback from the 1.6.0 release. See the full changelog below.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
Attention when upgrading Roundcube using the complete package!
The installto.sh script does not update the vendor folder of the installation target.
If you're not using Composer to install plugins or other dependencies, please remove the composer.json file of your Roundcube installation before running the installto.sh script.
If you have Composer installed, run composer update --no-dev to complete the upgrade.
Published by thomascube about 2 years ago
This is the stable release of the next major version 1.6 of Roundcube webmail.
With this milestone we cleaned up the codebase and bring full support for PHP 8.1.
The most noteworthy changes, as already announced with the beta release, are:
See the full changelog below.
The following config options have either been removed or renamed:
default_host to imap_host
default_port option (non-standard port can be set via imap_host)
imap_host
smtp_server to smtp_host
smtp_port option (non-standard port can be set via smtp_host)
smtp_host
port option from ldap_public array (non-standard port can be set via host)
use_tls option from ldap_public array (use tls:// prefix in host)
managesieve_port option (non-standard port can be set via managesieve_host)
managesieve_usetls option (set tls:// prefix to managesieve_host)
The skins Larry and Classic are no longer part of the release packages.
If you used them in your deployment, you need to install them manually. That can easily be done via Composer:
$ composer require roundcube/larry
This release is considered stable and we encourage you to update your productive installations after carefully testing the upgrade scenario. Download it from roundcube.net.
With the release of Roundcube 1.6.0, the previous stable release branches 1.5.x and 1.5.x will change into LTS low maintenance mode which means they will only receive important security updates. The 1.3.x series is no longer supported and maintained.
pgsql:///dbname (#8558)
storage_init hook after refreshing oauth access token (#8436)
Published by thomascube over 2 years ago
This is the second service release to update the new stable version 1.5.
It provides a bunch of small fixes and improvements for the PHP8 compatibility.
This version is considered stable and we recommend to update all productive installations
of Roundcube with it. Please do backup your data before updating!
aria-hidden=true on toolbar menus in the Elastic skin (#8517)
pgsql:///dbname (#8558)
Published by alecpl over 2 years ago
This is the release candidate for the next major version 1.6 of Roundcube webmail.
It includes a small number of improvements and fixes in comparison to 1.6-beta release.
We believe it is production ready, but we recommend to test it on a separate environment.
And don't forget to backup your data before installing it.
Published by thomascube over 2 years ago
This is a beta release for the next major version 1.6 of Roundcube webmail.
With this milestone we cleaned up the codebase and bring full support for PHP 8.1.
The most noteworthy changes are:
Adding support for PHP 8.1 again required some refactoring of the Roundcube codebase
and removing/replacing now deprecated PHP code. We also used this cleanup effort
to simplify Roundcube's config options a bit.
The following config options have either been removed or renamed:
default_host to imap_host
default_port option (non-standard port can be set via imap_host)
imap_host
smtp_server to smtp_host
smtp_port option (non-standard port can be set via smtp_host)
smtp_host
port option from ldap_public array (non-standard port can be set via host)
use_tls option from ldap_public array (use tls:// prefix in host)
managesieve_port option (non-standard port can be set via managesieve_host)
managesieve_usetls option (tls:// prefix in managesieve_host has to be used)
If you used the Larry or the Classic skin in your deployment, you need to install them manually
as they are no longer part of the release packages. They can easily be installed via Composer:
$ composer require roundcube/larry
This is a beta release and we recommend to test it on a separate environment.
Migrate existing configs with either the installto.sh or the update.sh script.
And don't forget to backup your data before installing it.
smtp_port parameter in smtp_connect hook
smtp_server parameter to smtp_host in smtp_connect hook
port parameter in managesieve_connect hook
usetls parameter in managesieve_connect hook
Published by thomascube almost 3 years ago
This is the second service release to update the new stable version 1.5. It provides a bunch of small fixes and improvements to the OAuth feature as well as a security fix to a recently reported XSS vulnerability. See the full changelog below.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
/index.php/foo/bar url is used (#8144)
chpass-wrapper.py helper compatibility with Python 3 (#8324)
Published by thomascube almost 3 years ago
This is a security update to the stable version 1.4 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
This version is considered stable and we recommend to update all productive installations of Roundcube 1.4.x with it. Please do backup your data before updating!
Published by thomascube almost 3 years ago
This is the first service release to update the new stable version 1.5. It provides a bunch of small fixes and improvements after getting your feedback from the 1.5.0 release. See the full changelog below.
The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody migrating an existing DB. Hence here's an important notice from the UPGRADING instructions:
If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:
innodb_large_prefix=1
innodb_file_per_table=1
innodb_file_format=Barracuda
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
skip_deleted=true (#8234)
dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249)
show_images setting where option 1 and 3 were swapped (#8268)
rcube_imap_generic::fetchMIMEHeaders() (#8282)
Published by thomascube almost 3 years ago
This is a service and security update to the stable version 1.4 of Roundcube Webmail.
It provides fixes for two recently discovered SQL injection and XSS vulnerabilities as well as some general improvements from our issue tracker. See the full changelog below.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
Published by thomascube almost 3 years ago
This is a security update to the LTS version 1.3.
It fixes two recently discovered vulnerabilities:
This version is considered stable and we strongly recommend to update all productive installations of Roundcube 1.3.x with it. Please do backup your data before updating!