Dear subscribers
We’re proud to announce the arrival of the next major version 1.1.0 of
Roundcube webmail which is now available for download. With this
milestone we introduce new features since version 1.0 as well as some
clean-up with the 3rd party libraries:
- Allow searching across multiple folders
- Improved support for screen readers and assistive technology using
WCAG 2.0 andWAI ARIA standards
- Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
- Added namespace filter and folder searching in folder manager
- New config option to disable UI elements/actions
- Stronger password encryption using OpenSSL
- Support for the IMAP SPECIAL-USE extension
- Support for Oracle as database backend
- Manage 3rd party libs with Composer
In addition to that, we added some new features to improve protection
against possible but yet unknown CSRF attacks - thanks to the help of
Kolab Systems who supplied the concept and development resources for
this.
Although the new security features are yet experimental and disabled
by default, our wiki describes how to enable the Secure URLs [1] and
give it a try.
And of course, this new version also includes all patches for reported
CSRF and XSS vulnerabilities previously released in the 1.0.x series.
IMPORTANT: with the 1.1.x series, we drop support for PHP < 5.3.7 and
Internet Explorer < 9.
IE7/IE8 support can be restored by enabling the ‘legacy_browser’
plugin which is part of the default package.
See the complete changelog at http://trac.roundcube.net/wiki/Changelog
and download the new packages from http://roundcube.net/download.
The download packages come in two flavors: "dependent", which requires
the manual installation of 3rd party libs using Composer and
"complete", with all the required libraries already packed into the
vendor directory and ready to run.
Best,
Thomas
[1] http://trac.roundcube.net/wiki/Howto_Config/Secure_URLs