[RCD] Updates 1.1.2 and 1.0.6 released

Thomas Bruederli thomas at roundcube.net
Mon Jun 8 09:42:10 CEST 2015


On Sun, Jun 7, 2015 at 10:55 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> thanks - but why is there no -dep package for 1.0.6?

Because I simply forgot to upload them. Apologies for that! But here we go:
https://sourceforge.net/projects/roundcubemail/files/roundcubemail-dependent/1.0.6/

~Thomas


> Am 06.06.2015 um 14:19 schrieb Thomas Bruederli:
>>
>> Dear Roundcube users
>>
>> We just published updates to both stable versions 1.0 and 1.1 after
>> fixing many minor bugs and adding some security improvements to the
>> 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from
>> the more recent version to ensure proper long term support especially
>> in regards of security and compatibility.
>>
>> The security-related fixes in particular are:
>>
>>   - XSS vulnerability in _mbox argument
>>   - security improvement in contact photo handling
>>   - potential info disclosure from temp directory
>>
>> See the full changelog here: http://trac.roundcube.net/wiki/Changelog
>>
>> Both versions are considered stable and we recommend to update all
>> productive installations of Roundcube with either of these versions.
>> Download them from https://roundcube.net/download
>>
>> As usual, don't forget to backup your data before updating.
>>
>> And there's one more thing:
>>
>> Our crowdfunding campaign for Roundcube Next is still ongoing and has
>> just been updated with more details of what we want to achieve. We'd
>> much appreciate your support for this exciting new project. Please
>> visit https://roundcu.be/next and spread the word about it
>
>
>
> _______________________________________________
> Roundcube Development discussion mailing list
> dev at lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/dev


More information about the dev mailing list