Versie 1.4.8 van Roundcube Webmail is uitgekomen. De voornaamste eigenschap van deze in php geschreven e-mailwebclient is dat Ajax-technologie wordt gebruikt om de gebruikersinterface te tonen, wat een moderne en vlotte indruk geeft. Roundcube Webmail heeft onder andere ondersteuning voor gedeelde mappen en namespaces, internationalized domain names en smtp-delivery status-notificaties. Daarnaast is de gebruikersinterface voor imap-mappen aangepast om zo meer ruimte te bieden voor extensies en plug-ins. Sinds versie 1.4.6 zijn de volgende verbeteringen aangebracht:
Roundcube Webmail 1.4.8This is a service and security update to the stable version 1.4 of Roundcube Webmail.
Security fixes
It contains fixes for recently reported security vulnerabilities as well a small number of general improvements from our issue tracker. See the full changelog below.
- Fix potential XSS issue in HTML editor of the identity signature input
- Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Fix cross-site scripting (XSS) via HTML messages with malicious math content
Credits for the latter two findings go to Łukasz Pilorz from Pentesters.
This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
ChangelogRoundcube Webmail 1.4.7
- Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
- Fix support for an error as a string in message_before_send hook (#7475)
- Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
- Elastic: Fix deleted and replied+forwarded icons on messages list (#7503)
- Managesieve: Allow angle brackets in out-of-office message body (#7518)
- Fix bug in conversion of email addresses to mailto links in plain text messages (#7526)
- Fix
format=flowed
formatting on plain text part derived from the HTML content (#7504)- Fix incorrect rewriting of internal links in HTML content (#7512)
- Fix handling links without defined protocol (#7454)
- Fix paging of search results on IMAP servers with no SORT capability (#7462)
- Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525)
- Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [
CVE-2020-16145
]- Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content
This is a service and security update to the stable version 1.4 of Roundcube Webmail.
Security fix
It contains a fix for recently reported security vulnerability as well a small number of general improvements from our issue tracker. See the full changelog below.Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace (
ChangelogCVE-2020-15562
). Credits for this finding go to SSD Secure Disclosure.
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
- Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace