[RCD] Updates 1.1.2 and 1.0.6 released
thomas at roundcube.net
Mon Jun 8 09:42:10 CEST 2015
On Sun, Jun 7, 2015 at 10:55 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> thanks - but why is there no -dep package for 1.0.6?
Because I simply forgot to upload them. Apologies for that! But here we go:
> Am 06.06.2015 um 14:19 schrieb Thomas Bruederli:
>> Dear Roundcube users
>> We just published updates to both stable versions 1.0 and 1.1 after
>> fixing many minor bugs and adding some security improvements to the
>> 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from
>> the more recent version to ensure proper long term support especially
>> in regards of security and compatibility.
>> The security-related fixes in particular are:
>> - XSS vulnerability in _mbox argument
>> - security improvement in contact photo handling
>> - potential info disclosure from temp directory
>> See the full changelog here: http://trac.roundcube.net/wiki/Changelog
>> Both versions are considered stable and we recommend to update all
>> productive installations of Roundcube with either of these versions.
>> Download them from https://roundcube.net/download
>> As usual, don't forget to backup your data before updating.
>> And there's one more thing:
>> Our crowdfunding campaign for Roundcube Next is still ongoing and has
>> just been updated with more details of what we want to achieve. We'd
>> much appreciate your support for this exciting new project. Please
>> visit https://roundcu.be/next and spread the word about it
> Roundcube Development discussion mailing list
> dev at lists.roundcube.net
More information about the dev