Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Roundcube - Package updates


  • Staff

    You can use this thread to track updates to the Roundcube package.

    Please open issues in a separate topic instead of replying here.


  • Staff

    Package 2.2.0 released:

    • Update Roundcube to 1.4.4
    • Use latest base image 2.0.0
    • Full changelog
    • Fixes some important security issues

  • Staff

    [2.2.1]

    • Update Roundcube to 1.4.5
    • Full changelog
    • Security: Fix XSS issue in template object 'username' (#7406)
    • Security: Fix cross-site scripting (XSS) via malicious XML attachment
    • Security: Fix a couple of XSS issues in Installer (#7406)
    • Security: Better fix for CVE-2020-12641

  • Staff

    [2.2.2]

    • Update Roundcube to 1.4.6
    • Installer: Fix regression in SMTP test section (#7417)

  • Staff

    [2.3.0]

    • Use /app/data/php.ini for custom PHP configuration

  • Staff

    [2.3.1]

    • Update Roundcube to 1.4.7
    • Full changelog
    • Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
    • Fix bug where subfolders of special folders could have been duplicated on folder list
    • Increase maximum size of contact jobtitle and department fields to 128 characters
    • Fix missing newline after the logged line when writing to stdout (#7418)

  • Staff

    [2.3.2]

    • Update Roundcube to 1.4.2
    • Full changelog
    • Fix potential XSS issue in HTML editor of the identity signature input
    • Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
    • Fix cross-site scripting (XSS) via HTML messages with malicious math content

  • Staff

    [2.3.3]

    • Update Roundcube to 1.4.9
    • Full changelog
    • Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
    • Add missing localization for some label/legend elements in userinfo plugin (#7478)
    • Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
    • Fix restoring Cc/Bcc fields from local storage (#7554)
    • Fix jstz.min.js installation, bump version to 1.0.7
    • Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
    • Fix link to closure compiler in bin/jsshrink.sh script (#7567)
    • Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
    • Fix empty space on mail printouts in Chrome (#7604)
    • Fix empty output from HTML5 parser when content contains XML tag (#7624)
    • Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
    • Fix so autocompletion list does not hide on scroll inside it (#7592)

Log in to reply