The Roundcube Webmail suite
GPL-3.0 License
Bot releases are hidden (Show)
Published by thomascube almost 7 years ago
This is a security update to the stable version 1.1. It fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651
.
We strongly recommend to update all productive installations of Roundcube 1.1.x.
Please do backup your data before updating!
Published by thomascube almost 7 years ago
This is a security update to the stable version 1.2. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651
.
We strongly recommend to update all productive installations of Roundcube 1.2.x.
Please do backup your data before updating!
Published by thomascube almost 7 years ago
This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.
We strongly recommend to update all productive installations of Roundcube.
Please do backup your data before updating!
Published by thomascube almost 7 years ago
This is the second service release to update the stable version 1.3.
It contains fixes to several bugs reported by our dear community members as well as translation updates synchronized from Transifex.
We also changed the wording for the setting that controls the time after which an opened message is marked as read. This was previously only affecting messages being viewed in the preview panel but now applies to all means of opening a message. That change came with 1.3.0 an apparently confused many users. Some translation work is still needed here.
This version considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
Published by thomascube about 7 years ago
This is a service and security update to the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!
Published by thomascube about 7 years ago
This is the first service release to update the stable version 1.3. We did some touching-up on the new features introduced with the 1.3.0 release. For example it brings back the double-click behavior to open messages which was reduced to the list-only view. Because the switch to change the mail view layout was a bit hidden, we also added it to the preferences section.
The update also includes fixes to reported bugs and one potential XSS vulnerability as well as optimizations to smoothly run on the latest version of PHP. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!
random_bytes()
has the requested length (#5788)bin/update.sh
(#5834)count()
use (#5845)Published by thomascube over 7 years ago
This is a the next major version 1.3 of Roundcube webmail.
With this milestone we introduce new features like:
Plus security and deployment improvements:
And finally some code-cleanup:
legacy_browser
plugin)mail()
supportIMPORTANT: The code-cleanup part brings major changes and possibly incompatibilities to your existing Roundcube installations. So please read the Changelog carefully and thoroughly test your upgrade scenario.
Please note that Roundcube 1.3
With the release of Roundcube 1.3.0, the previous stable release branches 1.2.x and 1.1.x will switch in to LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvement updates.
mail()
support, smtp_server is required now (#5340)Published by thomascube over 7 years ago
This is a security update to the LTS version 1.0. It fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin
It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to upgrade to the latest stable version. Please do backup your data before updating!
Instead of a full update you can apply the following patch:
https://github.com/roundcube/roundcubemail/commit/271426429b.diff
Published by thomascube over 7 years ago
This is a security update to the stable version 1.1. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube 1.1.x with this version. Please do backup your data before updating!
base_dn
setting was ignored inside group_filters
(#5720)Published by thomascube over 7 years ago
This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!
Published by thomascube over 7 years ago
This is feature-complete version for the next major version 1.3 of Roundcube webmail for final testing. After dropping support for older browsers and PHP versions and adding some new features like the widescreen layout, the release candidate finalizes that work and also fixes two security issues plus adds improvements to the Managesieve and Enigma plugins.
As a reminder: if you're installing the dependent package or run Roundcube directly from source, you now need to install the removed 3rd party javascript modules by executing the following install script:
$ bin/install-jsdeps.sh
With the upcoming stable release of 1.3.0 the old 1.x series will only receive important security fixes.
Please note that this is a release candidate and we recommend to test it on a separate environment. And don't forget to backup your data before installing it.
.htaccess
(#5630)\r\n
in scripts (#5685)Published by thomascube over 7 years ago
This is a security update to the LTS version 1.0. It contains some important bug fixes and security improvements backported from the master version.
It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to ubgrate to the latest stable version. Please do backup your data before updating!
Published by thomascube over 7 years ago
This is a security update to the stable version 1.1. It contains a few fixes which we picked from the upstream branch. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube 1.1.x with this version. Please do backup your data before updating!
Published by thomascube over 7 years ago
This is another service release to update the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!
Published by thomascube almost 8 years ago
This is a beta release of the next major version 1.3 of Roundcube webmail.
With this milestone we introduce some new features:
Plus security and deployment improvements:
And finally some code-cleanup:
legacy_browser
plugin)mail()
supportIMPORTANT: The code-cleanup part brings major changes and possibly incompatibilities to your existing Roundcube installations. So please read the Changelog carefully and thoroughly test your upgrade scenario.
Please note that Roundcube 1.3
In case you're running Roundcube directly from source, you now need to install the removed 3rd party javascript modules by executing the following install script:
$ bin/install-jsdeps.sh
Published by thomascube almost 8 years ago
This is a security update to the stable version 1.1. It contains one fix for a recently reported security issue when using PHP's mail()
function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be pulished shortly.
It's considered stable and we recommend to update all productive installations of Roundcube 1.1.x which do not have an SMTP server configured for mail delivery.
Please do backup your data before updating!
mail()
's 5th argumentPublished by thomascube almost 8 years ago
This is the third service release to update the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch. A detailed list of changes is shown below. Included is a fix for a recently reported security issue when using PHP's mail()
function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be published shortly.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!
mail()
's 5th argumentmail()
method (#5475)memcache_max_allowed_packet
and apc_max_allowed_packet
settings (#5452)rcube::log_bug()
on PHP 7.1 (#5508)Published by thomascube about 8 years ago
This is a security update to the stable version 1.1. It contains some important bug fixes and improvements in contacts searching as well as a few localization fixes. A detailed list of changes is listed below.
It's considered stable and we recommend to update all productive installations of Roundcube 1.1.x with this version. Please do backup your data before updating!
Published by thomascube about 8 years ago
This is the second service release to update the stable version 1.2. It contains
some important bug fixes and again more improvements of the Enigma plugin
for PGP encryption. A detailed list of changes is listed below.
It's considered stable and we recommend to update all productive installations
of Roundcube with this version. Please do backup your data before updating!
SymLinksIfOwnerMatch
in .htaccess instead of FollowSymLinks
disabled on some hosts for security reasons (#5370)E_DEPRECATED
warning when using Auth_SASL::factory()
(#5401)Published by thomascube about 8 years ago
This is the first service release to update the stable version 1.2. It contains some important bug fixes and improvements in the recently introduced Enigma plugin for PGP encryption. A detailed list of changes is shown below.
It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!