Roundcube - Package updates

girish

You can use this thread to track updates to the Roundcube package.

Please open issues in a separate topic instead of replying here.

girish

Package 2.2.0 released:

girish

[2.2.1]

nebulon

[2.2.2]

girish

[2.3.0]

girish

[2.3.1]

Update Roundcube to 1.4.7
Full changelog
Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Fix bug where subfolders of special folders could have been duplicated on folder list
Increase maximum size of contact jobtitle and department fields to 128 characters
Fix missing newline after the logged line when writing to stdout (#7418)

nebulon

[2.3.2]

Update Roundcube to 1.4.2
Full changelog
Fix potential XSS issue in HTML editor of the identity signature input
Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
Fix cross-site scripting (XSS) via HTML messages with malicious math content

nebulon

[2.3.3]

Update Roundcube to 1.4.9
Full changelog
Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
Add missing localization for some label/legend elements in userinfo plugin (#7478)
Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
Fix restoring Cc/Bcc fields from local storage (#7554)
Fix jstz.min.js installation, bump version to 1.0.7
Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
Fix link to closure compiler in bin/jsshrink.sh script (#7567)
Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
Fix empty space on mail printouts in Chrome (#7604)
Fix empty output from HTML5 parser when content contains XML tag (#7624)
Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
Fix so autocompletion list does not hide on scroll inside it (#7592)

girish

[2.3.4]

nebulon

[2.4.1]

Update Roundcube to 1.4.10
Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content [CVE-2020-35730]