Roundcube - Package updates
-
You can use this thread to track updates to the Roundcube package.
Please open issues in a separate topic instead of replying here.
-
Package 2.2.0 released:
- Update Roundcube to 1.4.4
- Use latest base image 2.0.0
- Full changelog
- Fixes some important security issues
-
[2.2.1]
- Update Roundcube to 1.4.5
- Full changelog
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Better fix for CVE-2020-12641
-
[2.2.2]
- Update Roundcube to 1.4.6
- Installer: Fix regression in SMTP test section (#7417)
-
[2.3.0]
- Use
/app/data/php.ini
for custom PHP configuration
- Use
-
[2.3.1]
- Update Roundcube to 1.4.7
- Full changelog
- Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
-
[2.3.2]
- Update Roundcube to 1.4.2
- Full changelog
- Fix potential XSS issue in HTML editor of the identity signature input
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
-
[2.3.3]
- Update Roundcube to 1.4.9
- Full changelog
- Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
- Add missing localization for some label/legend elements in userinfo plugin (#7478)
- Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
- Fix restoring Cc/Bcc fields from local storage (#7554)
- Fix jstz.min.js installation, bump version to 1.0.7
- Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
- Fix link to closure compiler in bin/jsshrink.sh script (#7567)
- Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
- Fix empty space on mail printouts in Chrome (#7604)
- Fix empty output from HTML5 parser when content contains XML tag (#7624)
- Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
- Fix so autocompletion list does not hide on scroll inside it (#7592)
-
[2.3.4]
- Use UTF-8 encoding for mailbox names in sieve rules.
-
[2.4.1]
- Update Roundcube to 1.4.10
- Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content [CVE-2020-35730]
-
[2.5.0]
- Update Roundcube to 1.4.11
- Full changelog
- Security fix: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
- Use base image v3
- Use PHP 7.4
-
[2.5.1]
- Add separate forwarding and vacation section
-
@girish said in Roundcube - Package updates:
[2.5.1]
- Add separate forwarding and vacation section
Is it possible to expand on the "add separate forwarding and vacation section". I have a lot of users using Roundcube and just want to be sure I know what to expect or notify them of if needed, as many have various rules set for auto-responses and such. It doesn't seem this was an update to Roundcube based on their GitHub releases, so curious what was changed.
I found https://git.cloudron.io/cloudron/roundcube-app/-/commit/b8b2caac3c54d08d4e14e2d7cafc62224a8a4451 - this looks like it's more platform-related then, no actual UI changes for users, right?
-
[2.6.0]
- Update Roundcube to 1.5.0
- Full changelog
- Dark mode for Elastic skin
- OAuth2/XOauth support (with plugin hooks)
- Collected recipients and trusted senders
- Moving recipients between inputs with drag & drop
- Full unicode support with MySQL database
- Support of IMAP LITERAL- extension [RFC 7888]
- Support of RFC 2231 encoded names
- Cache refactoring
-
[2.6.1]
- Update Roundcube to 1.5.1
- Full changelog
- Fix importing contacts with no email address (#8227)
- Fix so session's search scope is not used if search is not active (#8199)
- Fix some PHP8 warnings (#8239)
- Fix so dark mode state is retained after closing the browser (#8237)
- Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234)
- Fix colors on "Show source" page in dark mode (#8246)
- Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249)
-
[2.6.2]
- Update Roundcube to 1.5.2
- Full changelog
- Cross-site scripting (XSS) via HTML messages with malicious CSS content
-
[2.6.3]
- Remove hardcoded PHP memory limit