Dev

dev@lists.roundcube.net

1 participants
4289 discussions

Roundcube Webmail Update 1.3.4 released
by Thomas Bruederli 14 Jan '18

14 Jan '18

Dear subscribers We proudly announce the next service release to update the stable version 1.3. It contains fixes to several bugs reported by our dear community members and makes Roundcube now fully compatible with PHP 7.2. See the full changelog in the release notes [1] on our Github download page. This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from https://roundcube.net/download. And as usual: please do backup your data before updating! New: starting with version 1.3.3 we also publish Roundcube releases as Docker images. The images are still considered BETA and your feedback with regards to setup, configuration and documentation is much appreciated. Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.4

1 0

add custom button preview
by Vito Buscemi 14 Dec '17

14 Dec '17

I need information about the possibility of inserting a custom button in the preview of a message: how can I proceed? regards, Vito

1 0

cookie issue with contacts plugin and google analytics
by Brendan 08 Dec '17

08 Dec '17

i've had a strange bug happening with a couple users in our environment that i finally managed to track down. before i submit a patch, i'd like to hear opinions about the best way to do so. the problem essentially boils down to overly permissive google analytics(GA) cookies that some of our customers and end users are using. in some cases, GA hands out a cookie named _gid - that cookie can cause problems with roundcube if it's sent along as part of the request for retrieving contacts on the compose page. if you are using a custom contacts souce (as is the case with a contacts plugin, ie the carddav one) in program/steps/mail/list_contacts.inc this block is evaluated: if ($group_id = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC)) { $CONTACTS->set_group($group_id); } the request comes in from a GET, but rcube_utils::INPUT_GPC causes rcube_utils::get_input_value() to also consider cookies. if the GA _gid cookie is present, things fall apart (as the value of the cookie does not correspond to an existing group) and no contacts are returned. the simplest fix would be to switch rcube_utils::INPUT_GPC to rcube_utils::INPUT_GET so that roundcube would not consider the cookie. but, there could be some historical use case where the cookie needs to be considered? as an alternate, list_contacts.inc could try and validate the content of the $group_id that is returned and skip setting it if it doesn't seem reasonable. it would seem a little ugly to specifically check for a google specific cookie in the code, so it seems like the INPUT_GET change would be better... but i don't know if that would break other plugins. thoughts?

2 1

Attachment-Size
by Martin Wodrich 22 Nov '17

22 Nov '17

In our Roundcube (GIT-Master) Installation we can only attach up to 5 MebiByte Attachments. In the past (and in our 1.2.x RC-Installation) we can attach up to 128 MebiByte. We had already set the limits upload_max_filesize post_max_size memory_limit in the PHP.INI to 128M and comment out this in .htaccess. What can we do? Cheers, -- Martin Wodrich Admin freexp.de Waltrop/Germany

2 2

Roundcube Docker image
by Thomas Bruederli 21 Nov '17

21 Nov '17

Hello devs and list lurkers Upon common request [1] and a pull request from @J0WI we now published a Docker image for Roundcube webmail: https://hub.docker.com/r/roundcube/roundcubemail/ It's meant to be configured with the described env variables and ready for serving the webmail without first running through the installer. So far the configuration options are limited but it's a start. Before we now apply for an official image, I'd like your feedback and suggestions what other configuration options would be worth to be supported, especially when considering to use the docker image for production environments, too. So please give it a try and check the Dockerfile and entrypoint [2] for suggestions. Kind regards, Thomas [1] https://github.com/roundcube/roundcubemail/issues/5827 [2] https://github.com/roundcube/roundcubemail/tree/master/docker

1 0

Security updates 1.3.3, 1.2.7 and 1.1.10 released
by Thomas Bruederli 08 Nov '17

08 Nov '17

Dear subscribers We just published updates to all stable versions from 1.1.x onwards delivering fixes for a recently discovered file disclosure vulnerability in Roundcube Webmail. Apparently this zero-day exploit is already being used by hackers to read Roundcube’s configuration files. It requires a valid username/password as the exploit only works with a valid session. More details will be published soon under CVE-2017-16651. The Roundcube series 1.0.x is not affected by this vulnerability but we nevertheless back-ported the fix in order to protect from yet unknown exploits. See the full changelog for the according version in the release notes on the Github download pages: https://github.com/roundcube/roundcubemail/releases/tag/1.3.3 https://github.com/roundcube/roundcubemail/releases/tag/1.2.7 https://github.com/roundcube/roundcubemail/releases/tag/1.1.10 https://github.com/roundcube/roundcubemail/releases/tag/1.0.12 We strongly recommend to update all productive installations of Roundcube with either one of these versions. In order to check whether your Roundcube installation has been compromised check the access logs for requests like ?_task=settings&_action=upload-display&_from=timezone As mentioned above, the file disclosure only works for authenticated users and by finding such requests in the logs you should also be able to identify the account used for this unauthorized access. For mitigation we recommend to change the all credentials to external services like database or LDAP address books and preferably also the 'des_key' option in your config. Kind regards Alec & Thomas

1 0

Roundcube Webmail Update 1.3.2 released
by Thomas Bruederli 31 Oct '17

31 Oct '17

Dear subscribers We proudly announce the second service release to update the stable version 1.3. It contains fixes to several bugs reported by you, our dear community members as well as translation updates synchronized from Transifex. We also changed the wording for the setting that controls the time after which an opened message is marked as read. This was previously only affecting messages being viewed in the preview panel but now applies to all means of opening a message. That change came with 1.3.0 an apparently confused many users. Some translation work is still needed here. See the full changelog in the release notes [1] on our Github download page. This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from https://roundcube.net/download. And as usual: please do backup your data before updating! Best, Alec & Thomas [1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.2

1 0

Elastic skin - need a designer
by A.L.E.C 12 Oct '17

12 Oct '17

In case you didn't notice yet, https://kolabian.wordpress.com/2017/09/23/elastic/ I'd like to thank again to John Jackson for help with design. However, John is not available to finish that in a reasonable time. And because I'm not good in graphic design, colors, typography, etc. I'd like to ask if there's maybe anyone who would like to help? While a lot has been done and I'm close to have most of functionality (including core plugins) finished, there are still some small things to do, like some widgets or form elements. These I could do probably on my own in a few months. However, I need a designer to help me polish the skin. So, more of a graphic not UX designer. And because we use fontawesome icons there will not be much need to create icons/images, it's more about general look and feel, colors, spacing, etc. Anyone? -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] ---------------------------------------------------- PGP: 19359DC1 # Blog: https://kolabian.wordpress.com

1 0

keyboard_shortcuts plugin conflicting with enigma
by J. Fahrner 01 Oct '17

01 Oct '17

Hi, I found that the keyboard_shortcuts plugin is conflicting with enigma plugin. When I open a pgp encrypted mail, a popup appears requesting the password to unlock the private key. All characters typed in this popup are interpreted by keyboard_shortcuts. If the password contains an 'r', this immediately triggers a reply. I disabled the keyboard_shortcut plugin to make enigma working. Jochen

2 3

preview pane button gone in 1.3?
by cor＠xs4all.nl 28 Sep '17

28 Sep '17

Hi all, am I right in seeing that the preview pane button is gone? Im referring to the little triangle visible in this screenshot: http://shot.ter.net/img/2017/201709281624-959addfe0000130225abee2291309e23.… <http://shot.ter.net/img/2017/201709281624-959addfe0000130225abee2291309e23.…> I realise you can set the layout with the settings icon, but it takes 3 clicks and saves it permanently. That button allowed you to quickly hide/show the preview pane. Cor

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
429
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Dev