Roundcube - Package updates
-
You can use this thread to track updates to the Roundcube package.
Please open issues in a separate topic instead of replying here.
-
Package 2.2.0 released:
- Update Roundcube to 1.4.4
- Use latest base image 2.0.0
- Full changelog
- Fixes some important security issues
-
[2.2.1]
- Update Roundcube to 1.4.5
- Full changelog
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Better fix for CVE-2020-12641
-
[2.2.2]
- Update Roundcube to 1.4.6
- Installer: Fix regression in SMTP test section (#7417)
-
[2.3.0]
- Use
/app/data/php.inifor custom PHP configuration
- Use
-
[2.3.1]
- Update Roundcube to 1.4.7
- Full changelog
- Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
-
[2.3.2]
- Update Roundcube to 1.4.2
- Full changelog
- Fix potential XSS issue in HTML editor of the identity signature input
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
