./mail/roundcube, Browser-based multilingual IMAP client

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.6.12, Package name: php83-roundcube-1.6.12, Maintainer: taca

Roundcube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you
expect from an email client, including MIME support, address book, folder
management, message searching and spell checking. Roundcube Webmail is
written in PHP and requires the MySQL, PostgreSQL or SQLite database.
With its plugin API it is easily extendable and the user interface is
fully customizable using skins.

The code designed to run on a webserver is mainly written in PHP and
Javascript. It includes a custom framework with an IMAP library derived
from IlohaMail and requires a set of external libraries (see composer.json
and jsdeps.json files).

The most noteworthy changes of Roundcube 1.6:

* PHP 8.1 support
* Dropped support for PHP < 7.3
* Support responses (snippets) in HTML format
* Option to purge deleted mails older than 30, 60 or 90 days
* Unified and simplified services connection config options
* Removed the Classic and Larry skins from the release packages
* SQLite: Use foreign keys, require SQLite >= 3.6.19


Required to run:
[textproc/php-json] [converters/php-iconv] [graphics/php-exif] [graphics/php-gd] [databases/php-pdo_mysql] [archivers/php-zip] [net/pear-Net_Sieve] [net/pear-Net_SMTP] [net/php-sockets] [mail/pear-Mail_Mime] [mail/pear-Auth_SASL] [converters/php-mbstring] [textproc/php-intl] [net/pear-Net_IDNA2]

Required to build:
[www/apache24]

Package options: apache, gd, iconv, mysql, php-sockets

Master sites:

Filesize: 5703.265 KB

Version history: (Expand)

CVS history: (Expand)


   2025-12-15 15:30:13 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
mail/roundcube: update to 1.6.12

This release contains security related fixes, last two items.

Roundcube 1.6.12 (2025-12-14)

* Support IPv6 in database DSN (#9937)
* Don't force specific error_reporting setting
* Fix compatibility with PHP 8.5 regarding array_first()
* Remove X-XSS-Protection example from .htaccess file (#9875)
* Fix "Assign to group" action state after creation of a first group \ 
(#9889)
* Fix bug where contacts search would fail if `contactlist_fields` contained
  vcard fields (#9850)
* Fix bug where an mbox export file could include inconsistent message
  delimiters (#9879)
* Fix parsing of inline styles that aren't well-formatted (#9948)
* Fix Cross-Site-Scripting vulnerability via SVG's animate tag
* Fix Information Disclosure vulnerability in the HTML style sanitizer
   2025-06-03 04:08:40 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.11

1.6.11 (2025-06-01)

Security fixes:

* Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.
   2025-02-12 15:21:58 by Takahiro Kambe | Files touched by this commit (1) 
Log message:
mail/roundcube: recover lines for patch-* files

Accidently, lines for patch-* was removed and should be fix build problem.
   2025-02-09 09:40:17 by Takahiro Kambe | Files touched by this commit (8) | Package updated
Log message:
mail/roundcube: updaet to 1.6.10

Roundcube 1.6.10 (2025-02-07)

* IMAP: Partial support for ANNOTATE-EXPERIMENT-1 extension (RFC 5257)
* OAuth: Support standard authentication with short-living password received
  with OIDC token (#9530)
* Fix PHP warnings (#9616, #9611)
* Fix whitespace handling in vCard line continuation (#9637)
* Fix current script state after initial scripts creation in
  managesieve_kolab_master mode
* Fix rcube_imap::get_vendor() result (and PHP warning) on Zimbra server
 (#9650)
* Fix regression causing inline SVG images to be missing in mail preview
 (#9644)
* Fix plugin "virtuser_file" to handle backward slashes in username (#9668)
* Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses
 (#9689)
* Fix insert_or_update() and reading database server config on PostgreSQL
 (#9710)
* Fix Oauth issues with use_secure_urls=true (#9722)
* Fix handling of binary mail parts (e.g. PDF) encoded with quoted-printable
  (#9728)
* Fix links in comments and config to https:// where available (#9759,
  #9756)
* Fix decoding of attachment names encoded using both RFC2231 and RFC2047
  standards (#9725)
   2025-02-08 04:44:48 by Takahiro Kambe | Files touched by this commit (20) 
Log message:
multiple PHP support

* Use PHP_BASE_VERS in DEPENDS if required.
* Use REPLACE_PHP.

Bump PKGREVISION.
   2024-09-01 16:55:11 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.9

1.6.9 (2024-09-01)

- Fix regression where printing/scaling/rotating image attachments was
  broken (#9571)
- Fix regression where HTML messages were displayed unstyled (#9586)
   2024-08-08 19:05:03 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.8

1.6.8 (2024-08-04)

This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:

* Fix XSS vulnerability in post-processing of sanitized HTML content
  [CVE-2024-42009]

* Fix XSS vulnerability in serving of attachments other than HTML or SVG
  [CVE-2024-42008]

* Fix information leak (access to remote content) via insufficient CSS
  filtering [CVE-2024-42010]

Credits to Oskar Zeino-Mahmalat (Sonar) for all these findings and thanks
for providing a very detailed report in a private communication.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it.  Please do backup your data before
updating!

CHANGELOG

* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines
  (#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX
  file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts
  (#9543)
* Fix bug where "with attachment" filter could fail on some fts engines
  (#9514)
* Fix bug where an unhandled exception was caused by an invalid image
  attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases
  (#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content
  [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG
  [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS
  filtering [CVE-2024-42010]
   2024-01-28 03:58:22 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
mail/roundcube: update to 1.6.6

1.6.6 (2024-01-20)

* Fix regression in handling LDAP search_fields configuration parameter
  (#9210)
* Enigma: Fix finding of a private key when decrypting a message using GnuPG
  v2.3
* Fix page jump menu flickering on click (#9196)
* Update to TinyMCE 5.10.9 security release (#9228)
* Fix PHP8 warnings (#9235, #9238, #9242, #9306)
* Fix saving other encryption settings besides enigma's (#9240)
* Fix unneeded php command use in installto.sh and deluser.sh scripts
  (#9237)
* Fix TinyMCE localization installation (#9266)
* Fix bug where trailing non-ascii characters in email addresses could have
  been removed in recipient input (#9257)
* Fix IMAP GETMETADATA command with options - RFC5464