Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Roundcube
  3. Roundcube - Package updates

Roundcube - Package updates

Scheduled Pinned Locked Moved Roundcube
36 Posts 4 Posters 14.0k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • nebulonN Offline
    nebulonN Offline
    nebulon
    Staff
    wrote on last edited by
    #23

    [2.7.4]

    • Update Roundcube to 1.6.3
    • Full changelog
    • Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.
    • Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
    • Update jQuery-UI to version 1.13.2 (#9041)
    • Fix regression that broke use_secure_urls feature (#9052)
    • Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
    • Fix bug where a duplicate <title> tag in HTML email could cause some parts being cut off (#9029)
    • Fix bug where a list of folders could have been sorted incorrectly (#9057)
    • Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
    • Fix wrong order of a multi-folder search result when sorting by size (#9065)
    • Fix so install/update scripts do not require PEAR (#9037)
    • Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
    • Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
    • Fix PHP8 deprecation warning in the reconnect plugin (#9083)
    • Fix "Show source" on mobile with x_frame_options = deny (#9084)
    • Fix various PHP warnings (#9098)
    • Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
    1 Reply Last reply
    0
    • girishG Offline
      girishG Offline
      girish
      Staff
      wrote on last edited by
      #24

      [2.8.0]

      • Update base image to 4.2.0
      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #25

        [2.8.1]

        • Update Roundcube to 1.6.4
        • Full changelog
        • Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
        1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #26

          [2.8.2]

          • Update Roundcube to 1.6.5
          • Full changelog
          • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).
          • Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
          • Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
          1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #27

            [2.8.3]

            • Update Roundcube to 1.6.6
            • Full changelog
            • Fix regression in handling LDAP search_fields configuration parameter (#9210)
            • Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
            • Fix page jump menu flickering on click (#9196)
            • Update to TinyMCE 5.10.9 security release (#9228)
            • Fix PHP8 warnings (#9235, #9238, #9242, #9306)
            • Fix saving other encryption settings besides enigma's (#9240)
            • Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237)
            • Fix TinyMCE localization installation (#9266)
            • Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input (#9257)
            • Fix IMAP GETMETADATA command with options - RFC5464
            1 Reply Last reply
            0
            • nebulonN Offline
              nebulonN Offline
              nebulon
              Staff
              wrote on last edited by
              #28

              [2.8.4]

              • Update Roundcube to 1.6.7
              • Full changelog
              • Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
              • Fix bug in collapsing/expanding folders with some special characters in names (#9324)
              • Fix PHP8 warnings (#9363, #9365, #9429)
              • Fix missing field labels in CSV import, for some locales (#9393)
              • Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
              • Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
              1 Reply Last reply
              0
              • necrevistonnezrN necrevistonnezr referenced this topic on
              • Package UpdatesP Offline
                Package UpdatesP Offline
                Package Updates
                wrote on last edited by
                #29

                [2.8.5]

                • Update Roundcube to 1.6.8
                • Full changelog
                • Managesieve: Protect special scripts in managesieve_kolab_master mode
                • Fix newmail_notifier notification focus in Chrome (#9467)
                • Fix fatal error when parsing some TNEF attachments (#9462)
                • Fix double scrollbar when composing a mail with many plain text lines (#7760)
                • Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
                • Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
                • Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
                • Fix bug where "with attachment" filter could fail on some fts engines (#9514)
                • Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
                • Fix bug where a long subject title could not be displayed in some cases (#9416)
                • Fix infinite loop when parsing malformed Sieve script (#9562)
                • Fix bug where imap_conn_option's 'socket' was ignored (#9566)
                • Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
                • Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
                • Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
                1 Reply Last reply
                0
                • Package UpdatesP Offline
                  Package UpdatesP Offline
                  Package Updates
                  wrote on last edited by
                  #30

                  [2.8.6]

                  • Update Roundcube to 1.6.9
                  • Full changelog
                  • Fix regression where printing/scaling/rotating image attachments was broken (#9571)
                  • Fix regression where HTML messages were displayed unstyled (#9586)
                  1 Reply Last reply
                  0
                  • Package UpdatesP Offline
                    Package UpdatesP Offline
                    Package Updates
                    wrote on last edited by
                    #31

                    [2.9.2]

                    • Update roundcubemail to 1.6.12
                    • Full Changelog
                    • Support IPv6 in database DSN (#9937)
                    • Don't force specific error_reporting setting
                    • Fix compatibility with PHP 8.5 regarding array_first()
                    • Remove X-XSS-Protection example from .htaccess file (#9875)
                    • Fix "Assign to group" action state after creation of a first group (#9889)
                    • Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850)
                    • Fix bug where an mbox export file could include inconsistent message delimiters (#9879)
                    • Fix parsing of inline styles that aren't well-formatted (#9948)
                    • Fix Cross-Site-Scripting vulnerability via SVG's animate tag
                    • Fix Information Disclosure vulnerability in the HTML style sanitizer
                    1 Reply Last reply
                    0
                    • Package UpdatesP Offline
                      Package UpdatesP Offline
                      Package Updates
                      wrote on last edited by
                      #32

                      [2.9.3]

                      • Update roundcubemail to 1.6.13
                      • Full Changelog
                      • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
                      • Fix CSS injection vulnerability reported by CERT Polska.
                      • Fix remote image blocking bypass via SVG content reported by nullcathedral.
                      1 Reply Last reply
                      0
                      • Package UpdatesP Offline
                        Package UpdatesP Offline
                        Package Updates
                        wrote on last edited by
                        #33

                        [2.9.5]

                        • Update roundcubemail to 1.6.15
                        • Full Changelog
                        • SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke, reported by class_nzm.
                        • Fix regression where mail search would fail on non-ascii search criteria (#​10121)
                        • Fix regression where some data url images could get ignored/lost (#​10128)
                        • Fix SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke
                        1 Reply Last reply
                        0
                        • Package UpdatesP Package Updates locked this topic on
                        • Package UpdatesP Offline
                          Package UpdatesP Offline
                          Package Updates
                          wrote on last edited by
                          #34

                          [2.10.0]

                          • Update roundcubemail to 1.7.0
                          • Full Changelog
                          • Dropped support for PHP < 8.1.
                          • Dropped support for Internet Explorer.
                          • Dropped support for MS SQL Server and Oracle.
                          • public_html/ entry-point made mandatory, all static resources are served via public_html/static.php.
                          • Removed apc cache driver (replaced by apcu cache driver).
                          • Changed smtp_log option default value to false.
                          • Removed contact_search_name option in favor of contactlist_name_template.
                          • Replaced session property changed by expires_at.
                          • Removed the (insecure) virtualmin password driver.
                          • Allow cidr (subnets) in proxy_whitelist (#7103)
                          1 Reply Last reply
                          0
                          • Package UpdatesP Offline
                            Package UpdatesP Offline
                            Package Updates
                            wrote on last edited by
                            #35

                            [2.10.1]

                            • Update roundcubemail to 1.7.1
                            • Full Changelog
                            • Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
                            • Managesieve: Fix error when a mail message contains duplicate List-Id header (#10186)
                            • Clarified Elastic installation instructions (#10163)
                            • Fix so "has:attachment" search uses $HasAttachment/$HasNoAttachment keywords (#10168)
                            • Fix potential too long value in IMAP ID command (#10136)
                            • Fix redis/memcache disconnection in rcube::sleep() (#10127)
                            • Fix so static resources, e.g. skin_logo can be put inside the public_html directory (#10160)
                            • Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
                            • Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass
                            • Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option
                            1 Reply Last reply
                            0
                            • Package UpdatesP Offline
                              Package UpdatesP Offline
                              Package Updates
                              wrote last edited by
                              #36

                              [2.10.2]

                              • Update roundcubemail to 1.7.2
                              • Full Changelog
                              • Add HEAD request handler to the static.php
                              • Fix so the oauth_password_claim claim is retrieved via token or userinfo request (#9631)
                              • Fix bug where static.php would return a 416 error on a specific Range request (#10194)
                              • Fix bug where configured skin logo wasn't loaded via static.php resulting in 404 error (#10191)
                              • Fix bug where installto.sh would fail if public_html folder does not exist in the target directory (#10202)
                              • Revert "Prefer 8bit over quoted-printable for HTML parts, when force_7bit is disabled (#8477)" (#10198)
                              • Fix incorrect unfolding of folded lines when importing vCard 2.1 contacts (#9647)
                              • Fix bug where Imagick could leave large temporary files on failure (#10230)
                              • Fix bug where redis/memcache session could have been updated more often than needed
                              • Fix support for untyped tokens in OIDC backchannel logout, require unset nonce (#10097)
                              1 Reply Last reply
                              0

                              Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                              Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                              With your input, this post could be even better 💗

                              Register Login
                              Reply
                              • Reply as topic
                              Log in to reply
                              • Oldest to Newest
                              • Newest to Oldest
                              • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search