Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Roundcube
  3. Roundcube 1.5.2 released with Security fixes

Roundcube 1.5.2 released with Security fixes

Scheduled Pinned Locked Moved Solved Roundcube
4 Posts 3 Posters 1.1k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • necrevistonnezrN Offline
    necrevistonnezrN Offline
    necrevistonnezr
    wrote on last edited by
    #1

    https://github.com/roundcube/roundcubemail/releases/tag/1.5.2

    Security fix

    Cross-site scripting (XSS) via HTML messages with malicious CSS content
    This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

    CHANGELOG

    OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
    OAuth: fix expiration of short-lived oauth tokens (#8147)
    OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
    OAuth: no auto-redirect on imap login failures (#8370)
    OAuth: refresh access token in 'refresh' plugin hook (#8224)
    Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
    Fix password change with Directadmin driver (#8322, #8329)
    Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
    Fix handling of unicode/special characters in custom From input (#8357)
    Fix some PHP8 compatibility issues (#8363)
    Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
    Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
    Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content

    nebulonN 1 Reply Last reply
    3
    • necrevistonnezrN necrevistonnezr

      https://github.com/roundcube/roundcubemail/releases/tag/1.5.2

      Security fix

      Cross-site scripting (XSS) via HTML messages with malicious CSS content
      This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!

      CHANGELOG

      OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
      OAuth: fix expiration of short-lived oauth tokens (#8147)
      OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144)
      OAuth: no auto-redirect on imap login failures (#8370)
      OAuth: refresh access token in 'refresh' plugin hook (#8224)
      Fix so folder search parameters are honored by subscriptions_option plugin (#8312)
      Fix password change with Directadmin driver (#8322, #8329)
      Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
      Fix handling of unicode/special characters in custom From input (#8357)
      Fix some PHP8 compatibility issues (#8363)
      Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
      Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367)
      Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content

      nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      @necrevistonnezr mostly the package is ready, however there seems to be an imap ssl regression or at least it can't connect to the server anymore. The error as such does not give much clue, so I'm investigating....

      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #3

        New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.

        girishG 1 Reply Last reply
        3
        • nebulonN nebulon

          New app is now published...turned out to only have a regression with our current Cloudron master not with the released Cloudron version.

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          @nebulon there was bug in the package using the incorrect imap port, I have pushed a fix.

          1 Reply Last reply
          1
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes


          • Login

          • Don't have an account? Register

          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search