Roundcube - Package updates
-
[2.3.1]
- Update Roundcube to 1.4.7
- Full changelog
- Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
-
[2.3.2]
- Update Roundcube to 1.4.2
- Full changelog
- Fix potential XSS issue in HTML editor of the identity signature input
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
-
[2.3.3]
- Update Roundcube to 1.4.9
- Full changelog
- Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
- Add missing localization for some label/legend elements in userinfo plugin (#7478)
- Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
- Fix restoring Cc/Bcc fields from local storage (#7554)
- Fix jstz.min.js installation, bump version to 1.0.7
- Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
- Fix link to closure compiler in bin/jsshrink.sh script (#7567)
- Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
- Fix empty space on mail printouts in Chrome (#7604)
- Fix empty output from HTML5 parser when content contains XML tag (#7624)
- Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
- Fix so autocompletion list does not hide on scroll inside it (#7592)
-
@girish said in Roundcube - Package updates:
[2.5.1]
- Add separate forwarding and vacation section
Is it possible to expand on the "add separate forwarding and vacation section". I have a lot of users using Roundcube and just want to be sure I know what to expect or notify them of if needed, as many have various rules set for auto-responses and such. It doesn't seem this was an update to Roundcube based on their GitHub releases, so curious what was changed.
I found https://git.cloudron.io/cloudron/roundcube-app/-/commit/b8b2caac3c54d08d4e14e2d7cafc62224a8a4451 - this looks like it's more platform-related then, no actual UI changes for users, right?
-
[2.6.0]
- Update Roundcube to 1.5.0
- Full changelog
- Dark mode for Elastic skin
- OAuth2/XOauth support (with plugin hooks)
- Collected recipients and trusted senders
- Moving recipients between inputs with drag & drop
- Full unicode support with MySQL database
- Support of IMAP LITERAL- extension [RFC 7888]
- Support of RFC 2231 encoded names
- Cache refactoring
-
[2.6.1]
- Update Roundcube to 1.5.1
- Full changelog
- Fix importing contacts with no email address (#8227)
- Fix so session's search scope is not used if search is not active (#8199)
- Fix some PHP8 warnings (#8239)
- Fix so dark mode state is retained after closing the browser (#8237)
- Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234)
- Fix colors on "Show source" page in dark mode (#8246)
- Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249)
-
[2.6.4]
- Update Roundcube to 1.5.3
- Full changelog
- Enigma: Fix initial synchronization of private keys
- Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413)
- Fix various PHP8 warnings (#8392)
- Fix mail headers injection via the subject field on mail compose (#8404)
- Fix bug where small message/rfc822 parts could not be decoded (#8408)
- Fix setting HTML mode on reply/forward of a signed message (#8405)
- Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418)
- Fix bug where some mail parts (images) could have not be listed as attachments (#8425)
- Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433)
- Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458)
- Fix bug where session could time out if DB and PHP timezone were different (#8303)
- Fix bug where DSN flag state wasn't stored with a draft (#8371)
- Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444)
- Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517)
- Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540)
- Fix support for DSN specification without host e.g. pgsql:///dbname (#8558)
-
[2.7.0]
- Update ROundcube to 1.6.0
- Full changelog
- Update to jQuery-UI 1.13.1 (#8455)
- Added possibility to make the logo image a link via the 'skin_logo' option (#8501)
- Use navigator.pdfViewerEnabled for PDF viewer detection
- Remove use of unreliable charset detection (#8344)
- Don't list images attached to multipart/related part as attachments (#7184)
- Password: Add support for ssha256 algorithm (#8459)
- Fix so unix:// URI is supported in various host spec. options again (#8468)
- Fix slow loading of long HTML content into the HTML editor (#8108)
- Fix bug where SMTP password didn't work if it contained '%p' (#8435)
- Enigma: Fix initial synchronization of private keys
- Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413)
-
[2.7.2]
- Update Roundcube to 1.6.1
- Full changelog
- Kill session if refreshing oauth token fails (#8734)
- Fix various PHP 8.1 warnings (#8628, #8644, #8667, #8656, #8647)
- Password: Remove references to %c variable that has been removed before (#8633)
- Fix anchor links in HTML mail (#8632)
- Fix bug where config creation in Installer did ignore options in the form (#8634)
- Fix bug where renamed options were removed from the config on installto.sh (update.sh) run (#8643)
- Fix favicon rewrite rule in .htaccess (#8654)
-
[2.7.3]
- Update Roundcube to 1.6.2
- Full changelog
- Add Uyghur localization
- Fix regression in OAuth request URI caused by use of REQUEST_URI instead of SCRIPT_NAME as a default (#8878)
- Fix bug where false attachment reminder was displayed on HTML mail with inline images (#8885)
- Fix bug where a non-ASCII character in app.js could cause error in javascript engine (#8894)
- Fix JWT decoding with url safe base64 schema (#8890)
- Fix bug where .wav instead of .mp3 file was used for the new mail notification in Firefox (#8895)
- Fix PHP8 warning (#8891)
- Fix support for Windows-31J charset (#8869)
- Fix so LDAP VLV option is disabled by default as documented (#8833)
- Fix so an email address with name is supported as input to the managesieve notify :from parameter (#8918)
- Fix Help plugin menu (#8898)
- Fix invalid onclick handler on the logo image when using non-array skin_logo setting (#8933)
- Fix duplicate recipients in "To" and "Cc" on reply (#8912)
- Fix bug where it wasn't possible to scroll lists by clicking middle mouse button (#8942)
- Fix bug where label text in a single-input dialog could be partially invisible in some locales (#8905)
- Fix bug where LDAP (fulltext) search didn't work without 'search_fields' in config (#8874)
- Fix extra leading newlines in plain text converted from HTML (#8973)
- Fix so recipients with a domain ending with .s are allowed (#8854)
- Fix so vCard output does not contain non-standard/redundant TYPE=OTHER and TYPE=INTERNET (#8838)
- Fix QR code images for contacts with non-ASCII characters (#9001)
- Fix PHP8 warnings when using list_flags and list_cols properties by plugins (#8998)
- Fix bug where subfolders could loose subscription on parent folder rename (#8892)
- Fix connecting to LDAP using an URI with ldapi:// scheme (#8990)
- Fix insecure shell command params handling in cmd_learn driver of markasjunk plugin (#9005)
- Fix bug where some mail headers didn't work in cmd_learn driver of markasjunk plugin (#9005)
- Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025)
- Fix so output of log_date_format with microseconds contains time in server time zone, not UTC
-
[2.7.4]
- Update Roundcube to 1.6.3
- Full changelog
- Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.
- Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
- Update jQuery-UI to version 1.13.2 (#9041)
- Fix regression that broke use_secure_urls feature (#9052)
- Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
- Fix bug where a duplicate <title> tag in HTML email could cause some parts being cut off (#9029)
- Fix bug where a list of folders could have been sorted incorrectly (#9057)
- Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
- Fix wrong order of a multi-folder search result when sorting by size (#9065)
- Fix so install/update scripts do not require PEAR (#9037)
- Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
- Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
- Fix PHP8 deprecation warning in the reconnect plugin (#9083)
- Fix "Show source" on mobile with x_frame_options = deny (#9084)
- Fix various PHP warnings (#9098)
- Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
