Dev

dev@lists.roundcube.net

4290 discussions

Updates 1.2.4 and 1.1.8 released
by Thomas Bruederli 10 Mar '17

10 Mar '17

Dear subscribers We just published another update to both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch. Included is a fix for a recently reported XSS vulnerability within CSS styles inside an SVG tag. See the full changelog for 1.2.4 in the wiki [1] and for version 1.1.8 in the release notes [2]. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via https://roundcube.net/download. As usual, don't forget to backup your data before updating! Best, Thomas [1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.1.8

1 0

Automatic encryption of the response
by Vladimir Gorpenko 28 Feb '17

28 Feb '17

Hi! I work with my plugin for s/mime encryption. Functions of encryption and decryption are independent. I would like to release the mode when the response to the encrypted letter is by default encrypted. How I can to transfer in RC information that the letter on which the response is written was encrypted from decryption plugin to encryption plugin? -- Best regards, Vladimir Gorpenko

1 0

Plugin feedback?
by Lukas Erlacher 28 Feb '17

28 Feb '17

Hello, I've been cobbling around with roundcube for a while now (I'm also the author of https://github.com/roundcube/roundcubemail/pull/5565, which sadly I haven't really followed through with). I've now started my first "real" roundcube plugin, here: https://github.com/duk3luk3/roundcube-maintenance-banner I'd be happy to hear any feedback, especially if I'm missing some "best practices". Thanks, Luke

1 1

Current 1.3-git completely broken/unusable (eben w/o any plugins)
by Michael Heydekamp 14 Feb '17

14 Feb '17

Hello, see subject. Just login/logout, you'll see it yourself instantly. Please test your stuff before committing it. Can't access anything, interface is broken, etc. pp. Urgent fix appreciated. Win10/64, FF (but same with Edge). Cheers, -- Michael Heydekamp Co-Admin freexp.de Düsseldorf/Germany

5 21

new helper script for more secure password changing with chpasswd
by Kay Marquardt 13 Feb '17

13 Feb '17

Hi all, I updated roundcube on my new server to 1.3-beta and it worked like a charm, thanks for it. on this new server I tested the password plugin and was not pleased to allow the webserver to call "sudo chpasswd". After some investigation and testing I ended up with a new helper script to call change password via ssh using the provided and excelent expect-passwd method. Additionally I rewrote the chpasswd driver to provide the old password in a compatible way and extended it to pass error messages back to roundcube. Are you interested in my changes and whats the best way to send them for review? From my config.php: // chpasswd Driver options // --------------------- // Command to use (see "Sudo setup" in README) // 2017-02-13: Remarks by Kay Marquardt kay(a)rrr.de // allowing sudo chpasswd directly IMHO opens a security hole! // any script on the webserver can change password for every user, incl. root // $config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2>/dev/null'; // try to be more secure and use dovecot or pam methods // if this is not possible in your setup you can increase security by // sudo to a wrapper, where you can implement some security meassures // 1. a simple wraper is provided by this plugin: helpers/chpasswrapper.py // 2. move wrapper out of default location to a random place // 3. change permissons of wrapper to root:www 770 to avoid changes by user or webserver // 4. add some security meassures, i.e. limit userids where password can be changed // 5. allow webserver sudo for wrapper only (see README) // $config['password_chpasswd_cmd'] = 'sudo /<RANDOMPATH>/roundcube/wrapper/chpass-wrapper.py'; // IMHO the most flexible and secure method for users with interactive shell access is to use ssh with an expect script // I modifed the chpasss driver to provide the old password needed, additionally it pass the script response in case of error. // 1. I wrote a wrapper for the nice expect script provided by this plugin: helpers/chpass-wrapper-expect.py // 2. move wrapper out of default location to a random place // 3. change permissons of wrapper to root:www 770 to avoid changes by user or webserver // 4. I add some security meassures and password policy, see wrapper for details // 5. remove sudo rules you may have applied (see README) $config['password_chpasswd_cmd'] = '/srv/www/database/roundcube/wrapper/chpass-wrapper-expect.py -ssh -host rrr.de'; Kay

1 0

Directly delete messages in Junk
by cor＠xs4all.nl 26 Jan '17

26 Jan '17

Hi all, over the years ive been getting more and more ‘complaints’ that roundcube “isnt directly deleting messages in Junk”. People seem to expect that that option means that spam email is simply directly discarded. Instead, it basically means “dont move messages to trash folder”. Anyone else ever get these questions? Is there possibly a better text for this option? Regards, Cor

1 0

automatically expand address book
by cor＠xs4all.nl 25 Jan '17

25 Jan '17

Hi all, im probably overlooking something obvious but is there a way to automatically expand the address book in the left bar on the compose screen in 1.2? It’s kind of silly that you have to always expand it yourself. Regards, Cor

2 2

Re: [RCD] Join development of new Roundcube skin
by Michiel Beijen 18 Jan '17

18 Jan '17

Hi Georg, On Tue, Jan 17, 2017 at 9:11 AM, Georg Greve <greve(a)kolabsystems.com> wrote: > I assume you saw the message that Thomas posted to the backers on the forums > in October last year? End of year and beginning of new year are always > exceptionally busy times, but past FOSDEM we'll be able to look at > this with fresh eyes to put a new team on this. No, I did not see this, i only saw his update on the Indiegogo page here: https://www.indiegogo.com/projects/roundcube-next--2#/updates which is marked as '8 months ago' which would be May 2016. So do you have a link for this other message from October? > It will happen, and if you really can't wait for your stickers in the > meantime, we'd be happy to provide them - we just felt it made more sense > to do that together with some more concrete news. Of course I can wait for the stickers :D I was just a little disappointed in the lack of updates; since funding was reached in summer 2015 there have been only 2 updates on the indiegogo page. Plus there seem to me more people disappointed there, if I read the comments section: https://www.indiegogo.com/projects/roundcube-next--2#/comments Kindest regards, and looking forward for more updates on Roundcube Next in the upcoming period, -- Michiel

2 1

Join development of new Roundcube skin
by A.L.E.C 18 Jan '17

18 Jan '17

I started working on a new responsive skin for Roundcube. Any help appreciated. Especially we lack graphics and design experts, but there will be also a lot of copy/paste/cleanup and other simple tasks. There's a separate repository so you can send pull requests and discuss issues/features there. https://github.com/roundcube/elastic -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] ---------------------------------------------------- PGP: 19359DC1 # Blog: https://kolabian.wordpress.com

2 3

Updates 1.2.3 and 1.1.7 released
by Thomas Bruederli 05 Jan '17

05 Jan '17

Dear subscribers We just published another update to the both stable versions 1.2 and 1.1 delivering important bug fixes and improvements which we picked from the upstream branch. Included is a fix for a recently revealed security issue when using PHP's mail() function. It has been discovered and kindly reported by Robin Peraglie using the static code analyzer RIPS [1] and more details along with a CVE number will be published shortly. See the full changelog for 1.2.3 in the wiki [2]. Version 1.1.7 is a security update fixing the mail() issue and thus only relevant to Roundcube installations not having an SMTP server configured for mail delivery. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via https://roundcube.net/download. As usual, don't forget to backup your data before updating! Best, Thomas [1] https://www.ripstech.com/ [2] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123

2 1

← Newer
1
...
9
10
11
12
13
14
15
...
429
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Dev