Dear subscribers
We proudly announce the beta release for the next major version 1.5 of
Roundcube webmail. With this milestone we introduce new features and
long-awaited improvements. The most noteworthy additions are:
- PHP 8.0 support
- OAuth2/XOauth support
- Dark mode for Elastic skin
- Collected recipients and trusted senders
- Moving recipients between inputs with drag & drop
- Full unicode support with MySQL database
- Cache refactoring
Adding support for PHP 8 required some deep refactoring of the Roundcube
codebase which started with early PHP 5 versions. However, this refactoring
also was a bit of a cleaning procedure and resulted in more testable
components.
In case you’re running Roundcube directly from source or if you’re not
using the complete package, you need to install 3rd party javascript
modules using the bin/install-jsdeps.sh script. With this release the
toolchain required to build a functional package has changed a bit:
- bin/jsshrink.sh: replaced google-closure-compiler with UglifyJS
- bin/cssshrink.sh: replaced yuicompressor with csso
- Elastic theme: require lessc >= 2.5.2 (and add support for v4) with
less-plugin-clean-css
See the full changelog in the release notes
<https://github.com/roundcube/roundcubemail/releases/tag/1.5-beta> on the
Github download page.
This is a beta release and we recommend to test it on a separate
environment. And don’t forget to backup your data before installing it.
Download it from roundcube.net <https://roundcube.net/download>.
If you intend to test new Roundcube with OAuth2, have a look at this wiki
page <https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2>
.
We also have some Docker images
<https://hub.docker.com/r/roundcube/roundcubemail/tags?page=1&name=beta>
available for quick testing and evaluation.
Kind regards,
Alec & Thomas
Dear subscribers
We just published a service and security update to the stable version 1.4
of Roundcube Webmail.
It provides a fix for a recently reported stored XSS vulnerability as well
a some general improvements from our issue tracker.
*Security fix*
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits go to Mateusz Szymaniec (CERT Polska).
See the full changelog in the release notes on the Github download page:
https://github.com/roundcube/roundcubemail/releases/tag/1.4.11
This release is considered stable and we recommend to update all productive
installations of Roundcube with this version.
Download it from https://roundcube.net/download/
Please do backup your data before updating!
Best,
Alec & Thomas
