Roundcube 1.5.2 released with Security fixes
Posted on Dec 31, 2021, 10:51 AM
https://github.com/roundcube/roundcubemail/releases/tag/1.5.2
Security fix
Cross-site scripting (XSS) via HTML messages with malicious CSS content
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
CHANGELOG
OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
OAuth: fix expiration of short-lived oauth tokens (#8147)
OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
OAuth: no auto-redirect on imap login failures (#8370)
OAuth: refresh access token in 'refresh' plugin hook (#8224)
Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
Fix password change with Directadmin driver (#8322, #8329)
Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
Fix handling of unicode/special characters in custom From input (#8357)
Fix some PHP8 compatibility issues (#8363)
Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content
@necrevistonnezr mostly the package is ready, however there seems to be an imap ssl regression or at least it can't connect to the server anymore. The error as such does not give much clue, so I'm investigating....
New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.
@nebulon there was a bug in the package using the incorrect imap port, I have pushed a fix.