Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Roundcube
  3. Roundcube - Package updates

Roundcube - Package updates

Scheduled Pinned Locked Moved Roundcube
36 Posts 4 Posters 14.0k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by
    #20

    [2.7.1]

    • Update base image to 4.0
    1 Reply Last reply
    0
    • girishG Offline
      girishG Offline
      girish
      Staff
      wrote on last edited by
      #21

      [2.7.2]

      • Update Roundcube to 1.6.1
      • Full changelog
      • Kill session if refreshing oauth token fails (#8734)
      • Fix various PHP 8.1 warnings (#8628, #8644, #8667, #8656, #8647)
      • Password: Remove references to %c variable that has been removed before (#8633)
      • Fix anchor links in HTML mail (#8632)
      • Fix bug where config creation in Installer did ignore options in the form (#8634)
      • Fix bug where renamed options were removed from the config on installto.sh (update.sh) run (#8643)
      • Fix favicon rewrite rule in .htaccess (#8654)
      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #22

        [2.7.3]

        • Update Roundcube to 1.6.2
        • Full changelog
        • Add Uyghur localization
        • Fix regression in OAuth request URI caused by use of REQUEST_URI instead of SCRIPT_NAME as a default (#8878)
        • Fix bug where false attachment reminder was displayed on HTML mail with inline images (#8885)
        • Fix bug where a non-ASCII character in app.js could cause error in javascript engine (#8894)
        • Fix JWT decoding with url safe base64 schema (#8890)
        • Fix bug where .wav instead of .mp3 file was used for the new mail notification in Firefox (#8895)
        • Fix PHP8 warning (#8891)
        • Fix support for Windows-31J charset (#8869)
        • Fix so LDAP VLV option is disabled by default as documented (#8833)
        • Fix so an email address with name is supported as input to the managesieve notify :from parameter (#8918)
        • Fix Help plugin menu (#8898)
        • Fix invalid onclick handler on the logo image when using non-array skin_logo setting (#8933)
        • Fix duplicate recipients in "To" and "Cc" on reply (#8912)
        • Fix bug where it wasn't possible to scroll lists by clicking middle mouse button (#8942)
        • Fix bug where label text in a single-input dialog could be partially invisible in some locales (#8905)
        • Fix bug where LDAP (fulltext) search didn't work without 'search_fields' in config (#8874)
        • Fix extra leading newlines in plain text converted from HTML (#8973)
        • Fix so recipients with a domain ending with .s are allowed (#8854)
        • Fix so vCard output does not contain non-standard/redundant TYPE=OTHER and TYPE=INTERNET (#8838)
        • Fix QR code images for contacts with non-ASCII characters (#9001)
        • Fix PHP8 warnings when using list_flags and list_cols properties by plugins (#8998)
        • Fix bug where subfolders could loose subscription on parent folder rename (#8892)
        • Fix connecting to LDAP using an URI with ldapi:// scheme (#8990)
        • Fix insecure shell command params handling in cmd_learn driver of markasjunk plugin (#9005)
        • Fix bug where some mail headers didn't work in cmd_learn driver of markasjunk plugin (#9005)
        • Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025)
        • Fix so output of log_date_format with microseconds contains time in server time zone, not UTC
        1 Reply Last reply
        1
        • nebulonN Offline
          nebulonN Offline
          nebulon
          Staff
          wrote on last edited by
          #23

          [2.7.4]

          • Update Roundcube to 1.6.3
          • Full changelog
          • Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.
          • Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
          • Update jQuery-UI to version 1.13.2 (#9041)
          • Fix regression that broke use_secure_urls feature (#9052)
          • Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
          • Fix bug where a duplicate <title> tag in HTML email could cause some parts being cut off (#9029)
          • Fix bug where a list of folders could have been sorted incorrectly (#9057)
          • Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
          • Fix wrong order of a multi-folder search result when sorting by size (#9065)
          • Fix so install/update scripts do not require PEAR (#9037)
          • Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
          • Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
          • Fix PHP8 deprecation warning in the reconnect plugin (#9083)
          • Fix "Show source" on mobile with x_frame_options = deny (#9084)
          • Fix various PHP warnings (#9098)
          • Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
          1 Reply Last reply
          0
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #24

            [2.8.0]

            • Update base image to 4.2.0
            1 Reply Last reply
            0
            • nebulonN Offline
              nebulonN Offline
              nebulon
              Staff
              wrote on last edited by
              #25

              [2.8.1]

              • Update Roundcube to 1.6.4
              • Full changelog
              • Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
              1 Reply Last reply
              0
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #26

                [2.8.2]

                • Update Roundcube to 1.6.5
                • Full changelog
                • Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).
                • Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
                • Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
                1 Reply Last reply
                0
                • nebulonN Offline
                  nebulonN Offline
                  nebulon
                  Staff
                  wrote on last edited by
                  #27

                  [2.8.3]

                  • Update Roundcube to 1.6.6
                  • Full changelog
                  • Fix regression in handling LDAP search_fields configuration parameter (#9210)
                  • Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
                  • Fix page jump menu flickering on click (#9196)
                  • Update to TinyMCE 5.10.9 security release (#9228)
                  • Fix PHP8 warnings (#9235, #9238, #9242, #9306)
                  • Fix saving other encryption settings besides enigma's (#9240)
                  • Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237)
                  • Fix TinyMCE localization installation (#9266)
                  • Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input (#9257)
                  • Fix IMAP GETMETADATA command with options - RFC5464
                  1 Reply Last reply
                  0
                  • nebulonN Offline
                    nebulonN Offline
                    nebulon
                    Staff
                    wrote on last edited by
                    #28

                    [2.8.4]

                    • Update Roundcube to 1.6.7
                    • Full changelog
                    • Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
                    • Fix bug in collapsing/expanding folders with some special characters in names (#9324)
                    • Fix PHP8 warnings (#9363, #9365, #9429)
                    • Fix missing field labels in CSV import, for some locales (#9393)
                    • Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
                    • Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
                    1 Reply Last reply
                    0
                    • necrevistonnezrN necrevistonnezr referenced this topic on
                    • Package UpdatesP Offline
                      Package UpdatesP Offline
                      Package Updates
                      wrote on last edited by
                      #29

                      [2.8.5]

                      • Update Roundcube to 1.6.8
                      • Full changelog
                      • Managesieve: Protect special scripts in managesieve_kolab_master mode
                      • Fix newmail_notifier notification focus in Chrome (#9467)
                      • Fix fatal error when parsing some TNEF attachments (#9462)
                      • Fix double scrollbar when composing a mail with many plain text lines (#7760)
                      • Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
                      • Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
                      • Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
                      • Fix bug where "with attachment" filter could fail on some fts engines (#9514)
                      • Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
                      • Fix bug where a long subject title could not be displayed in some cases (#9416)
                      • Fix infinite loop when parsing malformed Sieve script (#9562)
                      • Fix bug where imap_conn_option's 'socket' was ignored (#9566)
                      • Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
                      • Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
                      • Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
                      1 Reply Last reply
                      0
                      • Package UpdatesP Offline
                        Package UpdatesP Offline
                        Package Updates
                        wrote on last edited by
                        #30

                        [2.8.6]

                        • Update Roundcube to 1.6.9
                        • Full changelog
                        • Fix regression where printing/scaling/rotating image attachments was broken (#9571)
                        • Fix regression where HTML messages were displayed unstyled (#9586)
                        1 Reply Last reply
                        0
                        • Package UpdatesP Offline
                          Package UpdatesP Offline
                          Package Updates
                          wrote on last edited by
                          #31

                          [2.9.2]

                          • Update roundcubemail to 1.6.12
                          • Full Changelog
                          • Support IPv6 in database DSN (#9937)
                          • Don't force specific error_reporting setting
                          • Fix compatibility with PHP 8.5 regarding array_first()
                          • Remove X-XSS-Protection example from .htaccess file (#9875)
                          • Fix "Assign to group" action state after creation of a first group (#9889)
                          • Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850)
                          • Fix bug where an mbox export file could include inconsistent message delimiters (#9879)
                          • Fix parsing of inline styles that aren't well-formatted (#9948)
                          • Fix Cross-Site-Scripting vulnerability via SVG's animate tag
                          • Fix Information Disclosure vulnerability in the HTML style sanitizer
                          1 Reply Last reply
                          0
                          • Package UpdatesP Offline
                            Package UpdatesP Offline
                            Package Updates
                            wrote on last edited by
                            #32

                            [2.9.3]

                            • Update roundcubemail to 1.6.13
                            • Full Changelog
                            • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
                            • Fix CSS injection vulnerability reported by CERT Polska.
                            • Fix remote image blocking bypass via SVG content reported by nullcathedral.
                            1 Reply Last reply
                            0
                            • Package UpdatesP Offline
                              Package UpdatesP Offline
                              Package Updates
                              wrote on last edited by
                              #33

                              [2.9.5]

                              • Update roundcubemail to 1.6.15
                              • Full Changelog
                              • SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke, reported by class_nzm.
                              • Fix regression where mail search would fail on non-ascii search criteria (#​10121)
                              • Fix regression where some data url images could get ignored/lost (#​10128)
                              • Fix SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke
                              1 Reply Last reply
                              0
                              • Package UpdatesP Package Updates locked this topic on
                              • Package UpdatesP Offline
                                Package UpdatesP Offline
                                Package Updates
                                wrote on last edited by
                                #34

                                [2.10.0]

                                • Update roundcubemail to 1.7.0
                                • Full Changelog
                                • Dropped support for PHP < 8.1.
                                • Dropped support for Internet Explorer.
                                • Dropped support for MS SQL Server and Oracle.
                                • public_html/ entry-point made mandatory, all static resources are served via public_html/static.php.
                                • Removed apc cache driver (replaced by apcu cache driver).
                                • Changed smtp_log option default value to false.
                                • Removed contact_search_name option in favor of contactlist_name_template.
                                • Replaced session property changed by expires_at.
                                • Removed the (insecure) virtualmin password driver.
                                • Allow cidr (subnets) in proxy_whitelist (#7103)
                                1 Reply Last reply
                                0
                                • Package UpdatesP Offline
                                  Package UpdatesP Offline
                                  Package Updates
                                  wrote on last edited by
                                  #35

                                  [2.10.1]

                                  • Update roundcubemail to 1.7.1
                                  • Full Changelog
                                  • Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
                                  • Managesieve: Fix error when a mail message contains duplicate List-Id header (#10186)
                                  • Clarified Elastic installation instructions (#10163)
                                  • Fix so "has:attachment" search uses $HasAttachment/$HasNoAttachment keywords (#10168)
                                  • Fix potential too long value in IMAP ID command (#10136)
                                  • Fix redis/memcache disconnection in rcube::sleep() (#10127)
                                  • Fix so static resources, e.g. skin_logo can be put inside the public_html directory (#10160)
                                  • Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
                                  • Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass
                                  • Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option
                                  1 Reply Last reply
                                  0
                                  • Package UpdatesP Offline
                                    Package UpdatesP Offline
                                    Package Updates
                                    wrote last edited by
                                    #36

                                    [2.10.2]

                                    • Update roundcubemail to 1.7.2
                                    • Full Changelog
                                    • Add HEAD request handler to the static.php
                                    • Fix so the oauth_password_claim claim is retrieved via token or userinfo request (#9631)
                                    • Fix bug where static.php would return a 416 error on a specific Range request (#10194)
                                    • Fix bug where configured skin logo wasn't loaded via static.php resulting in 404 error (#10191)
                                    • Fix bug where installto.sh would fail if public_html folder does not exist in the target directory (#10202)
                                    • Revert "Prefer 8bit over quoted-printable for HTML parts, when force_7bit is disabled (#8477)" (#10198)
                                    • Fix incorrect unfolding of folded lines when importing vCard 2.1 contacts (#9647)
                                    • Fix bug where Imagick could leave large temporary files on failure (#10230)
                                    • Fix bug where redis/memcache session could have been updated more often than needed
                                    • Fix support for untyped tokens in OIDC backchannel logout, require unset nonce (#10097)
                                    1 Reply Last reply
                                    0

                                    Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                                    Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                                    With your input, this post could be even better 💗

                                    Register Login
                                    Reply
                                    • Reply as topic
                                    Log in to reply
                                    • Oldest to Newest
                                    • Newest to Oldest
                                    • Most Votes


                                    • Login

                                    • Don't have an account? Register

                                    • Login or register to search.
                                    • First post
                                      Last post
                                    0
                                    • Categories
                                    • Recent
                                    • Tags
                                    • Popular
                                    • Bookmarks
                                    • Search