Dev

dev@lists.roundcube.net

4304 discussions

Improvements to the Managesieve plugin
by Marczisovszky Dániel 14 Apr '21

14 Apr '21

Hi Roundcube devs, We have been using Roundcube since many years and migrating from the unmaintained SieveRules plugin by JohnDoh to the official ManageSieve plugin. There are a few things that we want to improve, and we would like to know if it is okay to send these as patches so they can be included in a later official version of the Managesieve plugin. 1. Import of disabled rules generated by the SieveRules plugin ManageSieve uses the trick "if false ..." to disable sieve rules, but SieveRules stores disabled rules as a PHP serialized form of it's internal representation in a sieve comment. Now we have a working version for this that is able to import conditions and vacation (autoreply) rules 2. Add original subject to vacation replies SieveRules can add the original subject to the automatically sent reply, by using a trick of creating a ${subject} sieve variable in a separate rule that is hidden in SieveRules, but ManageSieve imports is an unnamed rule. The rule looks like this: set "subject" ""; if header :matches "subject" "*" { set "subject" "${1}"; } There is also a feature request for this: https://github.com/roundcube/roundcubemail/issues/5258 Our plan is to support this extra rule and also hide it from the UI and add a checkbox to Subject in the vacation part that would append ${subject}. The appended ${subject} would be also hidden from the UI only the checkbox would be used to indicate if the original subject is added to the reply or not. The extra rule would be inserted only if at least one vacation rule wants to append the original subject. We would also add extra configuration options to the plugin, so both features could be disabled by default, especially for the second one, as many considers this as a source of spamming (however big email providers, like GMail appends the old subject when sending an autoreply) So, I'm waiting for your comments, suggestions on the features or if the are applicable for inclusion in the official version Thanks in advance, Daniel

2 1

Add JMAP Support via PHP library
by Joris Baum 01 Apr '21

01 Apr '21

Hey Roundcube community! We at audriga are working on a JMAP PHP library which we plan on using in Roundcube. The main use-case we have in mind is to expose Roundcube's Contact and Calendar data over a JMAP API. What we are implementing should of course be extensible for Mail as well. We already managed to implement a PoC for Roundcube to read and write data over JMAP and want to contribute our changes upstream. Since will be our first time contributing to Roundcube, it would be great to get some initial feedback or guidance. Considering there were some thoughts put into JMAP support in the past (for Roundcube Next concepts): Do you have any advice on extending Roundcube with this feature? Could a Roundcube plugin be the way to go? Regards, Joris -- Joris Baum Tel: +49 721 170293 16 Fax: +49 721 170293 179 http://www.audriga.com |http://www.twitter.com/audriga -------------------------------------------------------------------------- audriga GmbH | Durlacher Allee 47 | 76131 Karlsruhe Sitz der Gesellschaft: Karlsruhe - Amtsgericht Mannheim - HRB 713034 Geschäftsführer: Dr. Frank Dengler, Dr.-Ing. Hans-Jörg Happel --------------------------------------------------------------------------

4 7

Roundcube Webmail 1.5 beta released
by Thomas Bruederli 28 Feb '21

28 Feb '21

Dear subscribers We proudly announce the beta release for the next major version 1.5 of Roundcube webmail. With this milestone we introduce new features and long-awaited improvements. The most noteworthy additions are: - PHP 8.0 support - OAuth2/XOauth support - Dark mode for Elastic skin - Collected recipients and trusted senders - Moving recipients between inputs with drag & drop - Full unicode support with MySQL database - Cache refactoring Adding support for PHP 8 required some deep refactoring of the Roundcube codebase which started with early PHP 5 versions. However, this refactoring also was a bit of a cleaning procedure and resulted in more testable components. In case you’re running Roundcube directly from source or if you’re not using the complete package, you need to install 3rd party javascript modules using the bin/install-jsdeps.sh script. With this release the toolchain required to build a functional package has changed a bit: - bin/jsshrink.sh: replaced google-closure-compiler with UglifyJS - bin/cssshrink.sh: replaced yuicompressor with csso - Elastic theme: require lessc >= 2.5.2 (and add support for v4) with less-plugin-clean-css See the full changelog in the release notes <https://github.com/roundcube/roundcubemail/releases/tag/1.5-beta> on the Github download page. This is a beta release and we recommend to test it on a separate environment. And don’t forget to backup your data before installing it. Download it from roundcube.net <https://roundcube.net/download>. If you intend to test new Roundcube with OAuth2, have a look at this wiki page <https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2> . We also have some Docker images <https://hub.docker.com/r/roundcube/roundcubemail/tags?page=1&name=beta> available for quick testing and evaluation. Kind regards, Alec & Thomas

1 0

Security update 1.4.11 released
by Thomas Bruederli 08 Feb '21

08 Feb '21

Dear subscribers We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker. *Security fix* Fix cross-site scripting (XSS) via HTML messages with malicious CSS content Credits go to Mateusz Szymaniec (CERT Polska). See the full changelog in the release notes on the Github download page: https://github.com/roundcube/roundcubemail/releases/tag/1.4.11 This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from https://roundcube.net/download/ Please do backup your data before updating! Best, Alec & Thomas

1 0

Security updates 1.4.10, 1.3.16 and 1.2.13 released
by Thomas Bruederli 28 Dec '20

28 Dec '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability found and kindly reported by Alex Birnberg (birnbergalex(a)gmail.com). The 1.4.10 release also contains a few general improvements from our issue tracker. See the full changelogs in the release notes on the Github download pages for the updated versions: https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 https://github.com/roundcube/roundcubemail/releases/tag/1.3.16 https://github.com/roundcube/roundcubemail/releases/tag/1.2.13 We strongly recommend to update all productive installations of Roundcube with these new versions. Download them from https://roundcube.net/download/ Best wishes and a happy new year! Alec & Thomas

2 1

'preferences' column initialization in user_create
by Jacques Belin 23 Oct '20

23 Oct '20

Hi, I am fresh new on this list, and it seems that its archives are not available. So, excuse me if this topic has alreadey been discussed. I am working on an update of the squirrelmail_usercopy plugin, to permit the transfer of address groups and the equivalent of the roundcube's "message_highlight" plugin when creating à new user on roundcube with data taken from a current squirrelmail account. Many of our squirrelmail users use these features. If the addition of address groups has been done updating only the original plugin's code, I had to make some change in the "create" function in the program/lib/Roundcube/rcube_user.php file to permit the import of the message highlight preferences. This change is simply the addition of the field 'preferences' for the call of the "user_create" hook, and the storage of the returned value in the "preferences" column of the "users" table of the database. See the diff of the file below (for roundcube 1.4.8) : ----------------------------------------------------------- --- rcube_user.php.orig 2020-08-10 21:05:20.000000000 +0200 +++ rcube_user.php 2020-10-12 15:27:40.574055096 +0200 @@ -621,6 +621,7 @@ 'user_email' => $user_email, 'email_list' => $email_list, 'language' => $_SESSION['language'], + 'preferences' => serialize(array()), )); // plugin aborted this operation @@ -630,11 +631,12 @@ $insert = $dbh->query( "INSERT INTO ".$dbh->table_name('users', true). - " (`created`, `last_login`, `username`, `mail_host`, `language`)". - " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)", + " (`created`, `last_login`, `username`, `mail_host`, `language`, `preferences`)". + " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?, ?)", $data['user'], $data['host'], - $data['language']); + $data['language'], + $data['preferences']); if ($dbh->affected_rows($insert) && ($user_id = $dbh->insert_id('users'))) { // create rcube_user instance to make plugin hooks work @@ -643,6 +645,7 @@ 'username' => $data['user'], 'mail_host' => $data['host'], 'language' => $data['language'], + 'preferences' => $data['preferences'], )); $rcube->user = $user_instance; $mail_domain = $rcube->config->mail_domain($data['host']); ------------------------------------------------------------ The change has to be made because if the user_create hook permits to populate all columns of the "users" table, the "preferences" column is not treated by the hook, while the "messages highlight" plugin stores its preferences there. Adding the change as I suggest could be seen only as a measure of consistency about the initialization of the "users" table. When I searched in the code to understand why my updated plugin didn't work, I was surprised to see that the "preferences" field was simply not treated... And even beyond the squirrelmail_usercopy plugin, I think this change could help others user-creation related plugins. So, do you think it would be considered to add this change in roundcube ? Jacques. -- The last man connected to the Interet was browsing some old WebSites. "You have new mail" appeared on the screen... --------------------------- adapted from a short Fredric Brown's story

2 3

Roundcube Webmail 1.4.9 released
by Thomas Bruederli 28 Sep '20

28 Sep '20

Dear subscribers We proudly announce yesterday's release of version 1.4.9. It's a service update to the stable version 1.4 of Roundcube Webmail. It contains fixes and general improvements from our issue tracker, mainly related to email composition and UI oddities in Elastic skin and with the TinyMCE richtext editor. See the full changelog in the release notes on the Github download page [1]. This version is considered stable and we recommend updating all productive installations of Roundcube with it. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.9

1 0

Security updates 1.4.8, 1.3.15 and 1.2.12 released
by Thomas Bruederli 10 Aug '20

10 Aug '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain two recently reported cross-site scripting (XSS) vulnerabilities. The 1.4.8 release also contains a number of general improvements from our issue tracker [1]. Security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content Credits for these two findings go to Łukasz Pilorz from Pentesters [2]. See the full changelogs in the release notes on the Github download pages for the updated versions. We strongly recommend updating all productive installations of Roundcube with these new versions. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.8 [2] https://www.pentesters.pl/

1 0

Security updates 1.4.7, 1.3.14 and 1.2.11 released
by Thomas Bruederli 05 Jul '20

05 Jul '20

Dear subscribers We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace. Credits for this finding go to SSD Secure Disclosure [1]. The 1.4.7 release also contains a number of general improvements from our issue tracker. See the full changelog in the release notes on the Github download page [2]. We strongly recommend to update all productive installations of Roundcube with these new versions. Download the latest tarballs from https://roundcube.net/download Best, Alec & Thomas [1] https://ssd-disclosure.com/ [2] https://github.com/roundcube/roundcubemail/releases/tag/1.4.7

1 0

Security updates 1.4.5 and 1.3.12
by Thomas Bruederli 07 Jun '20

07 Jun '20

Dear subscribers We recently published service and security updates to the stable version 1.4 and the LTS version 1.3 of Roundcube Webmail. They contain four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. Security fixes: - Fix XSS issue in template object username ** - Fix cross-site scripting (XSS) via malicious XML attachment * - Fix a couple of XSS issues in Installer ** - Better fix for CVE-2020-12641 The latter two vulnerabilities again are related to public access to the Roundcube installer and are therefore classified minor. See the full changelogs in the release notes on the Github download pages [1] and [2]. In addition to the security releases 1.4.5 and 1.3.12 we today pushed follow-up releases containing one single fix for the installer’s test step which was broken with the former security update. We strongly recommend to update all productive installations of Roundcube with this new versions. Download the latest packages from https://roundcube.net/download Best, Thomas & Alec * Credits to the security researcher Matei “Mal” Badanoiu ** Credits to the security researcher LoRexxar@knownsec 404Team [1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.5 [2] https://github.com/roundcube/roundcubemail/releases/tag/1.3.12

1 0

← Newer
1
2
3
4
5
6
7
8
...
431
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Dev