Dear subscribers
We’re proud to announce the arrival of the next major version 1.1.0 of Roundcube webmail which is now available for download. With this milestone we introduce new features since version 1.0 as well as some clean-up with the 3rd party libraries:
WCAG 2.0 andWAI ARIA standards
In addition to that, we added some new features to improve protection against possible but yet unknown CSRF attacks - thanks to the help of Kolab Systems who supplied the concept and development resources for this.
Although the new security features are yet experimental and disabled by default, our wiki describes how to enable the Secure URLs [1] and give it a try.
And of course, this new version also includes all patches for reported CSRF and XSS vulnerabilities previously released in the 1.0.x series.
IMPORTANT: with the 1.1.x series, we drop support for PHP < 5.3.7 and Internet Explorer < 9. IE7/IE8 support can be restored by enabling the ‘legacy_browser’ plugin which is part of the default package.
See the complete changelog at http://trac.roundcube.net/wiki/Changelog and download the new packages from http://roundcube.net/download.
The download packages come in two flavors: "dependent", which requires the manual installation of 3rd party libs using Composer and "complete", with all the required libraries already packed into the vendor directory and ready to run.
Best, Thomas