Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Roundcube 1.5.2 released with Security fixes

    Roundcube
    3
    4
    191
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • necrevistonnezr
      necrevistonnezr last edited by

      https://github.com/roundcube/roundcubemail/releases/tag/1.5.2

      Security fix

      Cross-site scripting (XSS) via HTML messages with malicious CSS content
      This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

      CHANGELOG

      OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
      OAuth: fix expiration of short-lived oauth tokens (#8147)
      OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
      OAuth: no auto-redirect on imap login failures (#8370)
      OAuth: refresh access token in 'refresh' plugin hook (#8224)
      Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
      Fix password change with Directadmin driver (#8322, #8329)
      Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
      Fix handling of unicode/special characters in custom From input (#8357)
      Fix some PHP8 compatibility issues (#8363)
      Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
      Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
      Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content

      nebulon 1 Reply Last reply Reply Quote 3
      • nebulon
        nebulon Staff @necrevistonnezr last edited by

        @necrevistonnezr mostly the package is ready, however there seems to be an imap ssl regression or at least it can't connect to the server anymore. The error as such does not give much clue, so I'm investigating....

        1 Reply Last reply Reply Quote 0
        • nebulon
          nebulon Staff last edited by

          New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.

          girish 1 Reply Last reply Reply Quote 3
          • girish
            girish Staff @nebulon last edited by

            @nebulon there was bug in the package using the incorrect imap port, I have pushed a fix.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Powered by NodeBB