Announce

announce@lists.roundcube.net

143 discussions

New Roundcube webmail releases
by Thomas Bruederli 27 Jan '22

27 Jan '22

Dear subscribers Due to some technical issues with our mailing lists, it was not possible for us to announce new releases through this list. Please accept our apologies for this inconvenience. There were a few releases for Roundcube Webmail since the last post to this list so please read about them in our news stream at https://roundcube.net/news/ Kind regards, Thomas

1 0

Roundcube Webmail 1.5.0 released
by Thomas Bruederli 19 Oct '21

19 Oct '21

Dear subscribers We proudly announce the final release of the next major version 1.5 of Roundcube webmail. With this milestone we introduce new features and full PHP 8.0 support. The most noteworthy additions are: - Dark mode for Elastic skin - OAuth2/XOauth support (with plugin hooks) - Collected recipients and trusted senders - Moving recipients between inputs with drag & drop - Full unicode support with MySQL database - Support of IMAP LITERAL- extension RFC 7888 <https://datatracker.ietf.org/doc/html/rfc7888> - Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231> encoded names - Cache refactoring See the full changelog in the release notes <https://github.com/roundcube/roundcubemail/releases/tag/1.5.0> on the Github download page. We also disabled the spell checking feature using spell.roundcube.net by default because some privacy concerns were raised. It now needs to be enabled explicitly by setting the enable_spellcheck config option to true. In case you’re running Roundcube directly from source or if you’re not using the complete package, you need to install 3rd party PHP and JavaScript modules manually. See this post for more details <https://roundcube.net/news/2021/10/18/roundcube-1.5.0-released>. This release is considered stable and we encourage you to update your productive installations after carefully testing the upgrade scenario. Download it from roundcube.net <https://roundcube.net/download>. With the release of Roundcube 1.5.0, the previous stable release branches 1.4.x and 1.3.x will change into LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvement updates. The 1.2.x series is no longer supported and maintained. Kind regards Alec & Thomas

1 0

Spell checking service is back online
by Thomas Bruederli 30 Sep '21

30 Sep '21

Dear subscribers After the recent announcement <https://roundcube.net/news/2021/09/14/spell-roundcube-net-service-down> about the death of spell.roundcube.net, we received a number of offers from internet service providers around the globe who offered their support to continue the free spell checking service for Roundcube. Now we’re happy to announce that we could establish a new sponsoring with HostingU2 <https://hostingu2.nl> from the Netherlands and that spell.roundcube.net is back online. Although we can again support existing Roundcube installations with their default settings for spell checking, we still encourage you to re-configure <https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.…> Roundcube to use PHP’s pspell <https://www.php.net/manual/en/book.pspell.php> or enchant <https://www.php.net/manual/en/book.enchant.php> API with a locally installed aspell library. We have also created a Docker image <https://hub.docker.com/r/roundcube/google-spell-pspell> allowing you to run your own instance of the former Google Spell Check service as we do. Kind regards, Thomas

1 0

Roundcube Webmail 1.5 beta released
by Thomas Bruederli 28 Feb '21

28 Feb '21

Dear subscribers We proudly announce the beta release for the next major version 1.5 of Roundcube webmail. With this milestone we introduce new features and long-awaited improvements. The most noteworthy additions are: - PHP 8.0 support - OAuth2/XOauth support - Dark mode for Elastic skin - Collected recipients and trusted senders - Moving recipients between inputs with drag & drop - Full unicode support with MySQL database - Cache refactoring Adding support for PHP 8 required some deep refactoring of the Roundcube codebase which started with early PHP 5 versions. However, this refactoring also was a bit of a cleaning procedure and resulted in more testable components. In case you’re running Roundcube directly from source or if you’re not using the complete package, you need to install 3rd party javascript modules using the bin/install-jsdeps.sh script. With this release the toolchain required to build a functional package has changed a bit: - bin/jsshrink.sh: replaced google-closure-compiler with UglifyJS - bin/cssshrink.sh: replaced yuicompressor with csso - Elastic theme: require lessc >= 2.5.2 (and add support for v4) with less-plugin-clean-css See the full changelog in the release notes <https://github.com/roundcube/roundcubemail/releases/tag/1.5-beta> on the Github download page. This is a beta release and we recommend to test it on a separate environment. And don’t forget to backup your data before installing it. Download it from roundcube.net <https://roundcube.net/download>. If you intend to test new Roundcube with OAuth2, have a look at this wiki page <https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2> . We also have some Docker images <https://hub.docker.com/r/roundcube/roundcubemail/tags?page=1&name=beta> available for quick testing and evaluation. Kind regards, Alec & Thomas

1 0

Security update 1.4.11 released
by Thomas Bruederli 09 Feb '21

09 Feb '21

Dear subscribers We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker. *Security fix* Fix cross-site scripting (XSS) via HTML messages with malicious CSS content Credits go to Mateusz Szymaniec (CERT Polska). See the full changelog in the release notes on the Github download page: https://github.com/roundcube/roundcubemail/releases/tag/1.4.11 This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from https://roundcube.net/download/ Please do backup your data before updating! Best, Alec & Thomas

1 0

Security updates 1.4.10, 1.3.16 and 1.2.13 released
by Thomas Bruederli 28 Dec '20

28 Dec '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability found and kindly reported by Alex Birnberg (birnbergalex(a)gmail.com). The 1.4.10 release also contains a few general improvements from our issue tracker. See the full changelogs in the release notes on the Github download pages for the updated versions: https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 https://github.com/roundcube/roundcubemail/releases/tag/1.3.16 https://github.com/roundcube/roundcubemail/releases/tag/1.2.13 We strongly recommend to update all productive installations of Roundcube with these new versions. Download them from https://roundcube.net/download/ Best wishes and a happy new year! Alec & Thomas

1 0

Roundcube Webmail 1.4.9 released
by Thomas Bruederli 28 Sep '20

28 Sep '20

Dear subscribers We proudly announce yesterday's release of version 1.4.9. It's a service update to the stable version 1.4 of Roundcube Webmail. It contains fixes and general improvements from our issue tracker, mainly related to email composition and UI oddities in Elastic skin and with the TinyMCE richtext editor. See the full changelog in the release notes on the Github download page [1]. This version is considered stable and we recommend updating all productive installations of Roundcube with it. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.9

1 0

Security updates 1.4.8, 1.3.15 and 1.2.12 released
by Thomas Bruederli 10 Aug '20

10 Aug '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain two recently reported cross-site scripting (XSS) vulnerabilities. The 1.4.8 release also contains a number of general improvements from our issue tracker [1]. Security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content Credits for these two findings go to Łukasz Pilorz from Pentesters [2]. See the full changelogs in the release notes on the Github download pages for the updated versions. We strongly recommend updating all productive installations of Roundcube with these new versions. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.8 [2] https://www.pentesters.pl/

1 0

Security updates 1.4.7, 1.3.14 and 1.2.11 released
by Thomas Bruederli 06 Jul '20

06 Jul '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace. Credits for this finding go to SSD Secure Disclosure [1]. The 1.4.7 release also contains a number of general improvements from our issue tracker. See the full changelog in the release notes on the Github download page [2]. We strongly recommend to update all productive installations of Roundcube with these new versions. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://ssd-disclosure.com/ [2] https://github.com/roundcube/roundcubemail/releases/tag/1.4.7

1 0

Security updates 1.4.5 and 1.3.12
by Thomas Bruederli 08 Jun '20

08 Jun '20

Dear subscribers We recently published service and security updates to the stable version 1.4 and the LTS version 1.3 of Roundcube Webmail. They contain four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. Security fixes: - Fix XSS issue in template object username ** - Fix cross-site scripting (XSS) via malicious XML attachment * - Fix a couple of XSS issues in Installer ** - Better fix for CVE-2020-12641 The latter two vulnerabilities again are related to public access to the Roundcube installer and are therefore classified minor. See the full changelogs in the release notes on the Github download pages [1] and [2]. In addition to the security releases 1.4.5 and 1.3.12 we today pushed follow-up releases containing one single fix for the installer’s test step which was broken with the former security update. We strongly recommend to update all productive installations of Roundcube with this new versions. Download the latest packages from https://roundcube.net/download Best, Thomas & Alec * Credits to the security researcher Matei “Mal” Badanoiu ** Credits to the security researcher LoRexxar@knownsec 404Team [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.5 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.3.12

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Announce