Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Roundcube
  3. Roundcube 1.5.2 released with Security fixes

Roundcube 1.5.2 released with Security fixes

Scheduled Pinned Locked Moved Solved Roundcube
4 Posts 3 Posters 692 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • necrevistonnezrN Offline
      necrevistonnezrN Offline
      necrevistonnezr
      wrote on last edited by
      #1

      https://github.com/roundcube/roundcubemail/releases/tag/1.5.2

      Security fix

      Cross-site scripting (XSS) via HTML messages with malicious CSS content
      This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

      CHANGELOG

      OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
      OAuth: fix expiration of short-lived oauth tokens (#8147)
      OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
      OAuth: no auto-redirect on imap login failures (#8370)
      OAuth: refresh access token in 'refresh' plugin hook (#8224)
      Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
      Fix password change with Directadmin driver (#8322, #8329)
      Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
      Fix handling of unicode/special characters in custom From input (#8357)
      Fix some PHP8 compatibility issues (#8363)
      Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
      Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
      Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content

      nebulonN 1 Reply Last reply
      3
      • necrevistonnezrN necrevistonnezr

        https://github.com/roundcube/roundcubemail/releases/tag/1.5.2

        Security fix

        Cross-site scripting (XSS) via HTML messages with malicious CSS content
        This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

        CHANGELOG

        OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
        OAuth: fix expiration of short-lived oauth tokens (#8147)
        OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
        OAuth: no auto-redirect on imap login failures (#8370)
        OAuth: refresh access token in 'refresh' plugin hook (#8224)
        Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
        Fix password change with Directadmin driver (#8322, #8329)
        Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
        Fix handling of unicode/special characters in custom From input (#8357)
        Fix some PHP8 compatibility issues (#8363)
        Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
        Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
        Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content

        nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        @necrevistonnezr mostly the package is ready, however there seems to be an imap ssl regression or at least it can't connect to the server anymore. The error as such does not give much clue, so I'm investigating....

        1 Reply Last reply
        0
        • nebulonN Offline
          nebulonN Offline
          nebulon
          Staff
          wrote on last edited by
          #3

          New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.

          girishG 1 Reply Last reply
          3
          • nebulonN nebulon

            New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.

            girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #4

            @nebulon there was bug in the package using the incorrect imap port, I have pushed a fix.

            1 Reply Last reply
            1
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes


              • Login

              • Don't have an account? Register

              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search