Announce

announce@lists.roundcube.net

143 discussions

Updates 1.2.3 and 1.1.7 released
by Thomas Bruederli 29 Nov '16

29 Nov '16

Dear subscribers We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch. Included is a fix for a recently revealed security issue when using PHP's mail() function. It has been discovered and kindly reported by Robin Peraglie using the static code analyzer RIPS [1] and more details along with a CVE number will be published shortly. See the full changelog for 1.2.3 in the wiki [2]. Version 1.1.7 is a security update fixing the mail() issue and thus only relevant to Roundcube installations not having an SMTP server configured for mail delivery. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via https://roundcube.net/download. As usual, don't forget to backup your data before updating! Best, Thomas [1] https://www.ripstech.com/ [2] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123

1 0

Update 1.2.2 and 1.1.6 released
by A.L.E.C 30 Sep '16

30 Sep '16

Dear subscribers We just published updates to both stable versions 1.2 and 1.1 delivering important bug fixes and again more improvements of the Enigma plugin introduced in version 1.2. Version 1.1.6 comes with cherry-picked fixes from the more recent version and improvements in contacts searching as well as a few localization fixes. See the full changelog in the wiki [1] and the selection for 1.1.6 on the release page [2]. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via https://roundcube.net/download. As usual, don’t forget to backup your data before updating! Best, Alec [1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-122 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.1.6

1 0

Update 1.2.1 published
by Thomas Bruederli 27 Jul '16

27 Jul '16

Dear subscribers We just published the first service release to update the stable version 1.2. It contains some important bug fixes and improvements in the recently introduced Enigma plugin for PGP encryption. See the detailed Changelog in the wiki [1] or on the the release page [2]. This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from GitHub via https://roundcube.net/download. As usual, don’t forget to backup your data before updating! Best, Thomas [1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-121 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.2.1

1 0

Roundcube Webmail 1.2.0 released
by Thomas Bruederli 22 May '16

22 May '16

Dear subscribers Today we proudly announce the stable version 1.2.0 of Roundcube Webmail which is now available for download. It introduces new features since version 1.1 covering security and PGP encryption topics: - PHP7 compatibility - PGP encryption - Drag-n-drop attachments from mail preview to compose window - Mail messages searching with pre-defined date interval - Improved security measures to protect from brute-force attacks And of course plenty of small improvements and bug fixes. There wasn't much feedback on the 1.2-beta version and the release candidate which we consider a good sign. Some cleanup and stabilization of the Enigma plugin just happened for the now stable version. As already announced with the 1.2-beta release [1], PGP encryption comes in two flavors: client-side using the Mailvelope browser extension and server-side with the Enigma plugin using GnuPG on the server. Support with the Mailvelope browser plugin comes out of the box and is automatically enabled if the Mailvelope API is detected in a user’s browser. The Mailvelope documentation [2] explains how to enable it for your site. The features of the Enigma plugin, which comes with the release package and simply needs to be activated for your Roundcube installation are explained in Alec's blog post [3]. With the release of Roundcube 1.2.0, the previous stable release branches 1.0.x and 1.1.x will switch in to LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvements from upstream. See the complete Changelog in our wiki [4] and download the new packages from https://roundcube.net/download. Roundcube 1.2.0 is considered stable and we recommend to update all productive installations of Roundcube. As usual, don’t forget to backup your data before updating ;-) Best, Thomas [1] https://roundcube.net/news/2015/11/23/roundcube-webmail-1.2-beta-out-now [2] https://www.mailvelope.com/en/help#watchlist [3] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/ [4] https://github.com/roundcube/roundcubemail/wiki/Changelog

1 0

Published Updates 1.1.5 and 1.0.9
by Thomas Bruederli 21 Apr '16

21 Apr '16

Dear subscribers We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes and helps protecting Roundcube against more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks integrated and version 1.0.9 comes with cherry-picked fixes from the more recent version to ensure proper long term support. See the full changelog in the wiki [1] and the selection for 1.0.9 on the release page [2]. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either one of these versions. Download them from GitHub via https://roundcube.net/download. As usual, don’t forget to backup your data before updating! Best, Thomas [1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.0.9

1 0

Release candidate for 1.2 out now
by Thomas Bruederli 13 Apr '16

13 Apr '16

Hello folks Roundcube 1.2 is pretty much complete and after adding some last-minute improvements we just published a release candidate to give it another round of testing before we slap the 'stable' tag on it. We hereby invite you all to test the release candidate and report remaining bugs to our issue tracker. The most important features we added in 1.2 are: * PHP7 compatibility * PGP encryption in two flavours * Improved security measures to protect from brute-force and CSRF attacks See the full Changelog in our wiki: https://github.com/roundcube/roundcubemail/wiki/Changelog Download the packages or the signed source directly from Github: https://github.com/roundcube/roundcubemail/releases/tag/1.2-rc Please note that we recommend to test it on a separate environment. And don't forget to backup your data before installing it. Another note: with the upcoming stable release of 1.2.0 the old 1.0.x and the 1.1.x series will only receive important security fixes. Updates to these two branches are to be released soon. So stay tuned! Best, Thomas

1 0

Trac platform migrated to Github
by Thomas Bruederli 21 Mar '16

21 Mar '16

Dear subscribers After many ups and downs with our Trac platform which hosted our wiki and the ticket system for years now, we finally migrated the data over to Github where we already host the git repositories. Therefore, on March 25th 2016 the trac.roundcube.net site will be shut down Starting today, the site is in read-only mode meaning that user logins and ticket reporting have been disabled already. This means that submitting new tickets now goes through Github and so does the roadmap planning and overview. The entry point for that is our Github project page at https://github.com/roundcube/roundcubemail Today we just migrated 4.8K tickets from the Trac database to Github issues [1], leaving the invalid and duplicate ones behind. Unfortunately the ticket numbers could not be kept and have all been re-assigned. The original trac ticket numbers are mentioned in the migrated issue body and can be used for searching. We'll also install a redirect service which will translate old Trac urls to the corresponding issue pages. The wiki will also be translated into Github markdown pages. There's some manual reviewing involved in order to update or remove outdated information during this process. Please give us some more days to complete that task. Thank you for your understanding and see you on Github Best, Thomas [1] https://github.com/roundcube/roundcubemail/issues

1 0

Security Updates 1.1.4 and 1.0.8 released
by Thomas Bruederli 26 Dec '15

26 Dec '15

Dear Roundcube users We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability [1] recently reported by High-Tech Bridge Security Research Lab. Although the vulnerability is not fully disclosed yet, the attack scenario requires an active Roundcube account as well as write privileges on the same host Roundcube is served from (without open_basedir protection). A second security improvement adds some measures against brute-force attacks. See the full changelog here: http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.4 Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from https://roundcube.net/download If you prefer to patch your installation for the path traversal vulnerability only, we also published patches on our download mirrors for versions 1.0 [2] and 1.1 [3]. As usual, don't forget to backup your data before updating! Thanks for all your support and happy new year! Thomas [1] https://www.htbridge.com/advisory/HTB23283 [2] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.0.8/ [3] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.1.4/

1 0

Roundcube Webmail 1.2-beta out now
by Thomas Bruederli 23 Nov '15

23 Nov '15

We're proud to announce that the beta release of the next major version 1.2 of Roundcube webmail is out now for download and testing. With this milestone we introduce new features primarily focusing on security and PGP encryption: * PHP7 compatibility * PGP encryption * Drag-n-drop attachments from mail preview to compose window * Mail messages searching with predefined date interval * Improved security measures to protect from brute-force attacks And of course plenty of small improvements and bug fixes. The PGP encryption support in Roundcube comes with two options: Mailvelope -------------- The integration of this browser plugin [1] for Firefox and Chrome comes out of the box in Roundcube 1.2 and is enabled if the Mailvelope API is detected in a user's browser. See the Mailvelope documentation [2] how to enable it for your site. Read more about the Mailvelope integration and how this looks like in Alec's blog [3]. Enigma plugin ------------------- This Roundcube plugin adds server-side PGP encryption features to Roundcube. Enabling this means that users need to fully trust the webmail server as encryption is done on the server GnuPG and private keys are also stored there. In order to activate server-side PGP encryption for all your users, the 'enigma' plugin, which is shipped with this package, has to be enabled in the Roundcube config. See the plugin's README for details. Also read Alec's blogpost about the Enigma plugin and how it works [4]. Both encryption features are pretty new and not yet perfectly documented. We'd much appreciate your feedback and your contribution to the end-user documentation [5] or our wiki page [6]. IMPORTANT: with this version, we finally deprecate some old Roundcube library functions [7]. Plugin developers, please test your plugins thoroughly and look for deprecation warnings in the logs. These function will be removed in the final 1.2.0 release and can therefore render plugins dysfunctional. See the full changelog on trac.roundcube.net [8] and download the new packages from https://roundcube.net/download Please note that this is a beta release and we recommend to test it on a separate environment. And don't forget to backup your data before installing it! Enjoy and please share your experience either through our mailing lists or as comments in the blog posts mentioned above. Kind regards, Thomas [1] https://www.mailvelope.com [2] https://www.mailvelope.com/en/help#watchlist [3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encryp… [4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/ [5] http://trac.roundcube.net/wiki/Online_Help [6] http://trac.roundcube.net/wiki/Dev_Encryption [7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.p… [8] http://trac.roundcube.net/wiki/Changelog

1 0

Updates 1.1.3 and 1.0.6 released
by Thomas Bruederli 18 Sep '15

18 Sep '15

Dear Roundcube users We recently published updates to both stable versions 1.0 and 1.1 after fixing many minor bugs and ensuring compatibility with upstream versions of 3rd party libraries used in Roundcube. Version 1.0.7 comes with cherry-picked fixes from the more recent version to ensure proper long term support. See the full changelog here: http://trac.roundcube.net/wiki/Changelog Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from https://roundcube.net/download As usual, don't forget to backup your data before updating! Best, Thomas P.S. Stay tuned for the 1.2 beta release coming up soon with two options for PGP encryption.

1 1

← Newer
1
2
3
4
5
6
7
8
9
...
15
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Announce