Hello Roundcube users
We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our sourceforge.net page [1].
And stay tuned, 0.6-beta is on the way with lots of new features ;-)
~Thomas
[1] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.5.4/
List info: http://lists.roundcube.net/users/ BT/9b404e9e
0.5.4 has a problem. I notified Thomas, and I'm sure it'll get fixed soon. Until that time, I would not download/install 0.5.4 as it will break roundcube.
Cor
On Fri, 12 Aug 2011 23:12:43 +0200, Cor Bosman wrote:
0.5.4 has a problem. I notified Thomas, and I'm sure it'll get fixed soon. Until that time, I would not download/install 0.5.4 as it will break roundcube.
Cor
List info: http://lists.roundcube.net/dev/ BT/926192a9
i updated my platform with no error
The function rcube_label_exists() is used in 0.5.4, while it doesn't exist. It only exists in 0.6. This causes problems in certain parts of roundcube. I see a blank page when I logout for instance.
Cor
On Fri, 12 Aug 2011 23:30:58 +0200, Cor Bosman wrote:
The function rcube_label_exists() is used in 0.5.4, while it doesn't exist. It only exists in 0.6. This causes problems in certain parts of roundcube. I see a blank page when I logout for instance.
Cor
OK, I see that now as well. In fact, it doesn't kill the session when that blank page appears. Hitting the Back button or re-typing the URL takes you right back to the session. Not good. I guess this is why I don't update my production instance w/o testing...
-- Arne Berglund System Administrator, Internet Services Lane Education Service District Eugene, OR ____________
Hello again
I'm very sorry for the inconvenience but the 0.5.4 package which we have published yesterday was incomplete and some of your already found out. The packages are now updated so please go and re-download it again. Make sure that the checksum od the downloaded file is a4a401b87a89eabd5e113d9e2fe2ea84 (MD5) or d3f4155edf9ef276a948d7b004a7be8890524a54 (SHA1).
Again, I'm very sorry for that! Will test better when releasing.
Best regards, Thomas
On Fri, Aug 12, 2011 at 22:12, Thomas Bruederli thomas@roundcube.net wrote:
Hello Roundcube users
We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our sourceforge.net page [1].
And stay tuned, 0.6-beta is on the way with lots of new features ;-)
~Thomas
[1] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.5.4/
Hi Thomas
Thanks for fixing that. Could you pls also update the v0.5.4 SVN tag? https://svn.roundcube.net/tags/roundcubemail/v0.5.4
Best regards, Philip
Am 13.08.2011 um 11:23 schrieb Thomas Bruederli:
Hello again
I'm very sorry for the inconvenience but the 0.5.4 package which we have published yesterday was incomplete and some of your already found out. The packages are now updated so please go and re-download it again. Make sure that the checksum od the downloaded file is a4a401b87a89eabd5e113d9e2fe2ea84 (MD5) or d3f4155edf9ef276a948d7b004a7be8890524a54 (SHA1).
Again, I'm very sorry for that! Will test better when releasing.
Best regards, Thomas
On Fri, Aug 12, 2011 at 22:12, Thomas Bruederli thomas@roundcube.net wrote:
Hello Roundcube users
We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our sourceforge.net page [1].
And stay tuned, 0.6-beta is on the way with lots of new features ;-)
~Thomas
[1] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.5.4/
RoundCube Announce mailing list Announce@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/announce BT/e4a7842d
-
Arne Berglund -
Cor Bosman -
ml@roundcube.fakessh.eu -
Philip Iezzi -
Thomas Bruederli