Dear Roundcube users
We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes, one of which seals a potential path
traversal vulnerability [1] recently reported by High-Tech Bridge
Security Research Lab. Although the vulnerability is not fully
disclosed yet, the attack scenario requires an active Roundcube
account as well as write privileges on the same host Roundcube is
served from (without open_basedir protection).
A second security improvement adds some measures against brute-force attacks.
See the full changelog here:
http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.4
Both versions are considered stable and we recommend updating all
production installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download
If you prefer to patch your installation for the path traversal
vulnerability only, we also published patches on our download mirrors
for versions 1.0 [2] and 1.1 [3].
As usual, don't forget to back up your data before updating!
Thanks for all your support and happy new year!
Thomas
[1] https://www.htbridge.com/advisory/HTB23283
[2] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.0.8/
[3] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.1.4/
We're proud to announce that the beta release of the next major
version 1.2 of Roundcube webmail is out now for download and testing.
With this milestone we introduce new features primarily focusing on security and PGP encryption:
* PHP7 compatibility
* PGP encryption
* Drag-n-drop attachments from mail preview to compose window
* Mail messages searching with predefined date interval
* Improved security measures to protect from brute-force attacks
And of course plenty of small improvements and bug fixes.
The PGP encryption support in Roundcube comes with two options:
Mailvelope
--------------
The integration of this browser plugin [1] for Firefox and Chrome
comes out of the box in Roundcube 1.2 and is enabled if the
Mailvelope API is detected in a user's browser. See the Mailvelope
documentation [2] on how to enable it for your site.
Read more about the Mailvelope integration and what this looks like in
Alec's blog [3].
Enigma plugin
-------------------
This Roundcube plugin adds server-side PGP encryption features to
Roundcube. Enabling this means that users need to fully trust the
webmail server, as encryption is done on the server with GnuPG and private
keys are also stored there.
In order to activate server-side PGP encryption for all your users,
the 'enigma' plugin, which is shipped with this package, has to be
enabled in the Roundcube config. See the plugin's README for details.
Also read Alec's blogpost about the Enigma plugin and how it works [4].
Both encryption features are pretty new and not yet perfectly
documented. We'd much appreciate your feedback and your contribution
to the end-user documentation [5] or our wiki page [6].
IMPORTANT: with this version, we finally deprecate some old Roundcube
library functions [7]. Plugin developers, please test your plugins
thoroughly and look for deprecation warnings in the logs. These
functions will be removed in the final 1.2.0 release and can therefore
render plugins dysfunctional.
See the full changelog on trac.roundcube.net [8] and download the new
packages from https://roundcube.net/download
Please note that this is a beta release and we recommend testing it in
a separate environment. And don't forget to back up your data before
installing it!
Enjoy and please share your experience either through our mailing
lists or as comments in the blog posts mentioned above.
Kind regards,
Thomas
[1] https://www.mailvelope.com
[2] https://www.mailvelope.com/en/help#watchlist
[3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encryp…
[4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
[5] http://trac.roundcube.net/wiki/Online_Help
[6] http://trac.roundcube.net/wiki/Dev_Encryption
[7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.p…
[8] http://trac.roundcube.net/wiki/Changelog
Dear Roundcube users
We recently published updates to both stable versions 1.0 and 1.1 after
fixing many minor bugs and ensuring compatibility with upstream versions of
3rd party libraries used in Roundcube. Version 1.0.7 comes with
cherry-picked fixes from the more recent version to ensure proper long term
support.
See the full changelog here: http://trac.roundcube.net/wiki/Changelog
Both versions are considered stable and we recommend updating all
production installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download
As usual, don't forget to back up your data before updating!
Best,
Thomas
P.S. Stay tuned for the 1.2 beta release coming up soon with two options
for PGP encryption.
Dear subscribers
We're just a couple of days away from finishing our Roundcube Next
crowd funding and the good news is: we already reached our base goal!
That means Roundcube Next will get started and we can refactor the
core of Roundcube and get basic email and contacts functionality in
place. But that's just the start. If we can push the funding higher,
then we can schedule more of the Roundcube Next goals as seen in the
graphic on the campaign page. Without that extra support, it will
simply take us longer to get there.
Visit https://www.indiegogo.com/projects/roundcube-next--2#/story and
get involved if you haven't already.
Also on the campaign page: some sneak peeks on the visual concepts
we've been working on in the past few weeks. The screens are far from
being final or complete, but you'll get the idea of what the new webmail
may look like on desktops and mobiles.
So there's still time for you to make a difference. Back the campaign
today and help us push even further!
Best,
Thomas and the Roundcube Team
Dear Roundcube users
We just published updates to both stable versions 1.0 and 1.1 after
fixing many minor bugs and adding some security improvements to the
1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from
the more recent version to ensure proper long term support, especially
with regard to security and compatibility.
The security-related fixes in particular are:
- XSS vulnerability in _mbox argument
- security improvement in contact photo handling
- potential info disclosure from temp directory
See the full changelog here: http://trac.roundcube.net/wiki/Changelog
Both versions are considered stable and we recommend updating all
production installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download
As usual, don't forget to back up your data before updating.
And there's one more thing:
Our crowdfunding campaign for Roundcube Next is still ongoing and has
just been updated with more details of what we want to achieve. We'd
much appreciate your support for this exciting new project. Please
visit https://roundcu.be/next and spread the word about it.
Dear subscribers
What started with the hypothetical question, "how would we implement
Roundcube if we could start over again?" [1], has now grown into a
concrete plan for how to create the responsive, fast and beautiful
successor of Roundcube. It has become clear that the architectural
changes necessary for this are way too big to be applied to the
current Roundcube codebase without breaking the compatibility in a
major way. That's why we're planning to define Roundcube One as
feature complete and focus on a new core engine for the future
Roundcube webmail application.
In order to make that happen, we can rely on long-time partners who
supported Roundcube already in the past. Kolab Systems has offered to
drive this project by contributing their well established software
development capabilities and dedicate additional developer power to
help us get the work done. In addition to that, the folks from Kolab
Digital in London are going to share their expertise on the UX and
design part of it.
Two major goals are important to us: Besides improving the core
technology and modernizing the UI, we also aim to move some of the
groupware features we currently see in the Kolab suite into Roundcube
itself and make them available for other backends. And we'll certainly
provide a migration path to existing Roundcube installations.
So to enable us to achieve these high-stakes goals together for
Roundcube Next we proudly announce our crowdfunding campaign at
Indiegogo. Go to https://roundcu.be/next and back us if you can or
help us spread the word about it. Your websites, blogs and social
media channels can help us reach more people. Or if you're working
for, or are a customer of, an ISP who's already using Roundcube,
please forward this campaign to your product manager.
Let's challenge today's email and create the most awesome webmail
application people deserve to communicate freely using systems and
services they can trust. The next Roundcube will of course again be
100% open source and made available to everybody. This is your chance
to contribute to the success of free software.
Many thanks to all of our past, current and future supporters!
Sincerely,
The Roundcube Dev Team
[1] https://roundcubeinbox.wordpress.com/2014/09/12/roundcube-next-if-we-would-…
Dear Roundcube users and affiliates
The Roundcube development team gathers this weekend in The Hague at
the first Kolab Summit.
If you can make it there, we'd love to meet you in person and talk to
you about the future of Roundcube.
More information about the event and the location can be found here:
https://conference.kolab.org
Kind regards,
Thomas
Dear Roundcube users
We're proud to announce the first service release to the stable
version 1.1 of Roundcube webmail. It contains
some important bug fixes and improvements in error handling as well as
a few new features and configuration options.
See the full Changelog here: http://trac.roundcube.net/wiki/Changelog
It's considered stable and we recommend updating all production
installations of Roundcube with this version. Download it from
http://roundcube.net/download.
And remember: backup before you update!
Kind regards,
Thomas
Dear subscribers
We’re proud to announce the arrival of the next major version 1.1.0 of
Roundcube webmail which is now available for download. With this
milestone we introduce new features since version 1.0 as well as some
clean-up with the 3rd party libraries:
- Allow searching across multiple folders
- Improved support for screen readers and assistive technology using
WCAG 2.0 and WAI-ARIA standards
- Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
- Added namespace filter and folder searching in folder manager
- New config option to disable UI elements/actions
- Stronger password encryption using OpenSSL
- Support for the IMAP SPECIAL-USE extension
- Support for Oracle as database backend
- Manage 3rd party libs with Composer
In addition to that, we added some new features to improve protection
against possible but yet unknown CSRF attacks - thanks to the help of
Kolab Systems who supplied the concept and development resources for
this.
Although the new security features are still experimental and disabled
by default, our wiki describes how to enable Secure URLs [1] so you can
give them a try.
And of course, this new version also includes all patches for reported
CSRF and XSS vulnerabilities previously released in the 1.0.x series.
IMPORTANT: with the 1.1.x series, we drop support for PHP < 5.3.7 and
Internet Explorer < 9.
IE7/IE8 support can be restored by enabling the 'legacy_browser'
plugin which is part of the default package.
See the complete changelog at http://trac.roundcube.net/wiki/Changelog
and download the new packages from http://roundcube.net/download.
The download packages come in two flavors: "dependent", which requires
the manual installation of 3rd party libs using Composer and
"complete", with all the required libraries already packed into the
vendor directory and ready to run.
Best,
Thomas
[1] http://trac.roundcube.net/wiki/Howto_Config/Secure_URLs
Dear Roundcube users
We just released a security update to the stable version 1.0 of
Roundcube webmail. Beside a recently reported Cross-Site-Scripting
vulnerability, it also contains some bug fixes and improvements we
found important for the long term support branch of Roundcube.
The fixed XSS issue is documented here: http://trac.roundcube.net/ticket/1490227
See the full changelog here: http://trac.roundcube.net/wiki/Changelog
It's considered stable and we recommend updating all production
installations of Roundcube with this version. Download it from
http://roundcube.net/download.
And like always: backup before updating!
Kind regards,
Thomas