Roundcube Webmail Project News2024-02-18T08:11:47+00:00https://roundcube.netRoundcube Webmail Dev TeamUpdate 1.6.6 released2024-01-20T00:00:00+00:00https://roundcube.net/news/2024/01/20/update-1.6.6-released<p>This is the next service release to update the new stable version 1.6.
It provides a bunch of small fixes after getting your feedback
from the previous releases. See the full changelog in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.6">release notes</a> on the Github download page.</p>
<p>This release is considered stable and we recommend to update all productive installations
of Roundcube with this version. Download it from <a href="https://roundcube.net/download">roundcube.net</a>.</p>
<p>Please do backup your data before updating!</p>
Nextcloud – the new home for Roundcube2023-11-30T00:00:00+00:00https://roundcube.net/news/2023/11/30/nextcloud-the-new-home-for-roundcube<p>We’re happy to announce that the Roundcube project has found a new home with
<a href="https://nextcloud.com">Nextcloud</a>.</p>
<p>After Thomas, our founder and project lead, decided to step back, the Nextcloud project
project has now assumed ownership of the project organization and taken over the strategic,
operational and administrative responsibilities for Roundcube.</p>
<p>With its unwavering dedication to software freedom and data self-sovereignty, Nextcloud
will empower Roundcube, thereby enhancing development, fostering the growth of the
contributing community and in the longer term, exploring further possibilities for collaboration.</p>
<p>Read the full story in <a href="https://nextcloud.com/de/blog/open-source-email-pioneer-roundcube-comes-aboard-nextcloud/">Nextcloud’s announcement</a>
and more background information in the <a href="https://nextcloud.com/blog/roundcubes-future-at-nextcloud-an-interview-with-the-founders/">intervew with Frank Karlitschek and Thomas Bruederli</a>.</p>
<blockquote>
<p>I‘m proud and thankful for the many years with Roundcube and I’m now very happy to see
our project in good hands to remain a vital contributor for IT decentralization. – <em>Thomas Bruederli</em></p>
</blockquote>
Security updates 1.6.5 and 1.5.6 released2023-11-05T00:00:00+00:00https://roundcube.net/news/2023/11/05/security-updates-1.6.5-and-1.5.6<p>We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail.
They all contain a fix for recently reported security vulnerability.</p>
<h2 id="security-fix">Security fix</h2>
<p>Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download.
Credits for this finding go to Rene Rehme (rehme.infosec).</p>
<p>See the full changelogs in the release notes on the Github download pages for the updated versions
<a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.5">1.6.5</a> and <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.5.6">1.5.6</a>.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.</p>
Security updates 1.5.5 and 1.4.15 released2023-10-16T00:00:00+00:00https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15<p>We just published security updates to the LTS versions 1.4 and 1.5 of Roundcube Webmail.
They all contain a fix for recently reported security vulnerability.</p>
<h2 id="security-fix">Security fix</h2>
<p>Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168).
Credits for this finding go to separately by Matthieu Faou (ESET) and Denys Klymenko.</p>
<p>See the full changelogs in the release notes on the Github download pages for the updated versions
<a href="https://github.com/roundcube/roundcubemail/releases/tag/1.5.5">1.5.5</a> and <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.4.15">1.4.15</a>.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.4.x and 1.5.x with this new versions.</p>
<p>Please note that we do not plan any more releases in 1.4 line.</p>
Security update 1.6.4 released2023-10-16T00:00:00+00:00https://roundcube.net/news/2023/10/16/security-update-1.6.4-released<p>We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:</p>
<ul>
<li>Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
reported separately by Matthieu Faou (ESET) and Denys Klymenko.</li>
</ul>
<p>See the full changelog in the release notes in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.4">release notes</a> on the Github download page.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version.</p>
Security update 1.5.4 released2023-09-18T00:00:00+00:00https://roundcube.net/news/2023/09/18/security-update-1.5.4-released<p>We just published a security update to the LTS version 1.5 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:</p>
<ul>
<li>Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.</li>
</ul>
<p>See the full changelog in the release notes in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.5.4">release notes</a> on the Github download page.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.5.x with this new version.</p>
Security update 1.4.14 released2023-09-18T00:00:00+00:00https://roundcube.net/news/2023/09/18/security-update-1.4.14-released<p>We just published a security update to the LTS version 1.4 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:</p>
<ul>
<li>Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.</li>
</ul>
<p>See the full changelog in the release notes in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.4.14">release notes</a> on the Github download page.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.4.x with this new version.</p>
Security update 1.6.3 released2023-09-15T00:00:00+00:00https://roundcube.net/news/2023/09/15/security-update-1.6.3-released<p>We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:</p>
<ul>
<li>Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages,
reported by Niraj Shivtarkar.</li>
</ul>
<p>See the full changelog in the release notes in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.3">release notes</a> on the Github download page.</p>
<p>We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version.</p>
Update 1.6.2 released2023-07-02T00:00:00+00:00https://roundcube.net/news/2023/07/02/update-1.6.2-released<p>This is the second service release to update the new stable version 1.6.
It provides a bunch of small fixes and improvements after getting your feedback
from the 1.6.0 and 1.6.1 release. See the full changelog in the <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.2">release notes</a> on the Github download page.</p>
<p>This release is considered stable and we recommend to update all productive installations
of Roundcube with this version. Download it from <a href="https://roundcube.net/download">roundcube.net</a>.</p>
<p>Please do backup your data before updating!</p>
<h2 id="upgrading-the-complete-package">Upgrading the Complete Package</h2>
<p>Attention when upgrading Roundcube using the complete package!</p>
<p>The installto.sh script does not update the <code class="language-plaintext highlighter-rouge">vendor</code> folder of the installation target.
If you’re not using Composer to install plugins or other dependencies, please remove the <code class="language-plaintext highlighter-rouge">composer.json</code>
file of your Roundcube installation before running the <code class="language-plaintext highlighter-rouge">installto.sh</code> script.</p>
<p>If you have Composer installed, run <code class="language-plaintext highlighter-rouge">composer update --no-dev</code> to complete the upgrade.</p>
Multi-arch Docker Images for Roundcube2023-04-13T00:00:00+00:00https://roundcube.net/news/2023/04/13/multi-arch-docker-images<p>With the latest release of Roundcube webmail we proudly announce that the Docker images
published under <a href="https://hub.docker.com/r/roundcube/roundcubemail/">roundcube/roundcubemail</a>
are now multi-platform and can be run on the following architectures:</p>
<ul>
<li>linux/386</li>
<li>linux/amd64</li>
<li>linux/arm/v6</li>
<li>linux/arm/v7</li>
<li>linux/arm64</li>
<li>linux/ppc64le</li>
<li>linux/s390x</li>
</ul>
<p>The multi-arch builds have been a feature request for a long time and finally became possible with
the power of Github actions and the much appreciated contribution by
<a href="https://github.com/williamdes">William Desportes</a> and <a href="https://www.linkedin.com/in/montgomery-auber-658405259/">Montgomery Auber</a></p>
<p>Starting with version 1.6.0 all Docker images will now be released multi-arch enabling Roundcube to
run on Raspberry Pi, M1 Macs, AWS EC2 Graviton and many other environments without custom builds.</p>
<p>The list of architectures we support is limited to the archs available for <a href="https://hub.docker.com/_/php">php</a>
and <a href="https://hub.docker.com/_/composer">composer</a>.</p>