Activity Not Available

News

  Analyzed about 1 month ago based on code collected about 1 month ago.
 
Posted over 1 year ago by Thomas Bruederli
This is the last post in this news feed for Roundcube Webmail. In order to keep updated on the latest developments of Roundcube, please visit our website at http://roundcube.net/news or subscribe to the new feed URL.
Posted over 1 year ago by Thomas Bruederli
It wouldn't be Roundcube if there wasn't a minor glitch in our stable releases every now and then. It so happened again in the recent 0.9.3 release where an include_path check triggered some regex warnings on Windows systems. We apologize for this! ... [More] But we're trying hard to keep up and here's a new release which fixes that nasty bug together with some other reported issues that we considered worth being ported to the 0.9 release series.

It's considered stable (really!) and we recommend to update all productive installations of Roundcube with this version. Download it from http://roundcube.net/download, see the full changelog here. [Less]
Posted over 1 year ago by Thomas Bruederli
We proudly announce the third service release for the stable 0.9 series of Roundcube webmail. It fixes 25 more bugs including two recently reposted XSS vulnerabilities with HTML messages and signatures. Along with that, we also optimized the UI ... [More] behavior for touch devices to make Roundcube work nice and smoothly on tablets running iOS or Android.

It's considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from http://roundcube.net/download, see the full changelog here. [Less]
Posted almost 2 years ago by Thomas Bruederli
We're proud to announce the second service release for the 0.9 series of Roundcube. It contains 25 bug fixes and improvements as well as some translation updates.

It's considered stable and we recommend to update all productive installations ... [More] of Roundcube with this version. Download it from http://roundcube.net/download, see the full changelog here. [Less]
Posted almost 2 years ago by Thomas Bruederli
We proudly announce the first service release for the 0.9 series of Roundcube. As usual, it contains
some bug fixes and improvements which didn't make it into the first stable version as well as some translation updates. After getting reports ... [More] that some skin images weren't reloaded due to progressive cache settings, the packaged version now comes with unique urls of skin images referenced by templates and CSS files.

It's considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from http://roundcube.net/download, see the full changelog here. [Less]
Posted about 2 years ago by Thomas Bruederli
We proudly announce the next stable release of Roundcube. This version enhances the webmail experience with these new features:

* Improved rendering of forwarded and attached messages
* Optionally display and compose email messages a new ... [More] windows
* Unified UI for message view and composition
* Show sender photos from contacts in email view
* Render thumbnails for image attachments
* Download all attachments as zip archive (using the zipdownload plugin)
* Forward multiple emails as attachments
* CSV import for contacts

The major change of this version isn't really visible to the users but even more important for the developers: the Roundcube framework. We decoupled the core functions for IMAP access, SMTP email sending, database abstraction, caching, etc. from the webmail application in order to make them usable for other free software products.

Another major change since the 0.8 series is the new database abstraction layer. In order to add support for SQLite3, the PEAR:MDB2 dependency was dropped and Roundcube now uses the native PHP Data Objects (PDO). It's enabled by default since PHP 5.1 and is considered stable and well-developed. One drawback, however, is a small lack in the MySQL PDO driver which makes PHP 5.3 a requirement for this version of Roundcube when using the MySQL database.

After lots of testing and collecting your feedback, this version is considered stable and it also includes the recently discovered vulnerability that allows an attacker to modify its users preferences in a way that he can then read arbitrary files from the server. We therefore recommend to update all productive installations of Roundcube.

Download both the webmail and the framework packages from http://roundcube.net/download
Read the full list of changes here: http://trac.roundcube.net/wiki/Changelog

P.S. Starting with version 0.9.0, there's now professional service and support available for Roundcube. See https://kolabsys.com/news/roundcube-services-and-support-roundcubes-lead-developers [Less]
Posted about 2 years ago by round...@users.sourceforge.net (Thomas Bruederli)
We proudly announce the next stable release of Roundcube. This version enhances the webmail experience with these new features:

* Improved rendering of forwarded and attached messages
Posted about 2 years ago by Thomas Bruederli
We proudly announce the next stable release of Roundcube. This version enhances the webmail experience with these new features:

* Improved rendering of forwarded and attached messages
* Optionally display and compose email messages a new ... [More] windows
* Unified UI for message view and composition
* Show sender photos from contacts in email view
* Render thumbnails for image attachments
* Download all attachments as zip archive (using the zipdownload plugin)
* Forward multiple emails as attachments
* CSV import for contacts

The major change of this version isn't really visible to the users but even more important for the developers: the Roundcube framework. We decoupled the core functions for IMAP access, SMTP email sending, database abstraction, caching, etc. from the webmail application in order to make them usable for other free software products.

Another major change since the 0.8 series is the new database abstraction layer. In order to add support for SQLite3, the PEAR:MDB2 dependency was dropped and Roundcube now uses the native PHP Data Objects (PDO). It's enabled by default since PHP 5.1 and is considered stable and well-developed. One drawback, however, is a small lack in the MySQL PDO driver which makes PHP 5.3 a requirement for this version of Roundcube when using the MySQL database.

After lots of testing and collecting your feedback, this version is considered stable and it also includes the recently discovered vulnerability that allows an attacker to modify its users preferences in a way that he can then read arbitrary files from the server. We therefore recommend to update all productive installations of Roundcube.

Download both the webmail and the framework packages from http://roundcube.net/download
Read the full list of changes here: http://trac.roundcube.net/wiki/Changelog

P.S. Starting with version 0.9.0, there's now professional service and support available for Roundcube. See https://kolabsys.com/news/roundcube-services-and-support-roundcubes-lead-developers [Less]
Posted about 2 years ago by Thomas Bruederli
We just published new releases which fix a recently reported vulnerability that allows an attacker to access files on the server. Please update your installations with the new versions or patch them with the fix which is also published in the ... [More] downloads section or our sourceforge.net page.

Download the latest version from http://roundcube.net/download

Patch for 0.9.x: http://ow.ly/jtQD0
Patch for 0.8.x: http://ow.ly/jtQHM
Patch for 0.7.x: http://ow.ly/jtQK0
Patch for 0.6: http://ow.ly/jtQNd

In order to find out whether one of your users has vulnerable preferences, you can run the following query on the Roundcube user database:

SELECT * FROM users WHERE preferences LIKE '%generic_message_footer%'

If this returns any results, you should block that user because he or she most likely tried to exploit your system.

And here's some background about the vulnerability: http://lists.roundcube.net/pipermail/dev/2013-March/022328.html [Less]
Posted about 2 years ago by round...@users.sourceforge.net (Thomas Bruederli)
We just published new releases which fix a recently reported vulnerability that allows an attacker to access files on the server. Please update your installations with the new versions or patch them with the fix which is also published in the downloads section or our sourceforge.net page.