Hello all,
Today I upgraded from roundcube 1.6.13 to 1.6.15 because of the security concerns.
I am installing on a test page, This happened to me upgrading to 1.6.14 as well, but I thought there was an actual problem with malformed emails or broken DB, or something like that.
In the test version, I tried to go into certain emails that gave me a problem in 1.6.14, The error is the following (on the message frame)
But in production, I get the following:
So, in production, I give it permission to show remote resources
After that, I go to 1.6.15 and it shows the message without problems:
So the error doesn't seem to come from a malformed message or from a DB problem, It seems that 1.6.14 and 15 err out on showing this prompt:
I would like your help in figuring out if it's a coding problem, or if I am missing a php module or something like that that 1.6.13 and earlier did not require.
Not related, but migth give a clue, I do have a composer error when upgrading:
*****************************************************************************
NOTICE: New .htaccess file saved as .htaccess.new.
Running update script at target...
Executing database schema update.
/bin/composer
Executing /bin/composer to update dependencies...
Composer could not detect the root package (roundcube/roundcubemail) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires phpunit/phpunit ^4.8.36 || ^5.7.21, found phpunit/phpunit[4.8.36, 5.7.21, ..., 5.7.27] but these were not loaded, because they are affected by security advisories ("PKSA-z3gr-8qht-p93v"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.
-----------------------------------------------------------------------------
ATTENTION: Update dependencies by running `php composer.phar update --no-dev`
-----------------------------------------------------------------------------
This instance of Roundcube is up-to-date.
Have fun!
All done.
*********************************************************************
Composer.phar is not found on the installer directory or the test directory, and when installing 1.6.14 I did "composer install" on the test directory and told me that one of the plugins: rc_login_background, could not be processed, because it was written for 1.3.9 or later and I have 1.6.14.
Any further config info I might provide I'll be happy to.
Thanks.