Hi everybody
The second stable version of the RoundCube Webmail package completes
unfinished work from the 0.2-stable release. It comes up with about 80
bug fixes as well as some performance improvements. See
http://trac.roundcube.net/wiki/Changelog for details.
You can download the package from http://roundcube.net/downloads and
we recommend to update all existing installations of RoundCube.
The upgrading process now became very easy with the integrated update
script. It's runnable from the shell or from within the web-based
installer. Read the UPGRADING instructions for details.
Happy new year!
Thomas
_______________________________________________
RoundCube Announce mailing list
Announce(a)lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/announce
Dear subscribers
There were two security issues reported which are now fixed. The first
was as possible code injection using the html2text conversion script
[1]. The other exploit used the unchecked size parameters of the quota
image to let PHP create huge images eating up all the server memory.
Thanks to Stephan for reporting this.
The two vulnerable scripts were updated in the current 0.2-beta
package and for existing RoundCube installations we recommend to
download the update [2] and to replace all the files with the new
versions found in the archive.
Regards,
Thomas
[1] http://trac.roundcube.net/ticket/1485618
[2] http://downloads.sourceforge.net/roundcubemail/roundcubemail-0.2-beta-patch…
_______________________________________________
RoundCube Announce mailing list
Announce(a)lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/announce