The Roundcube Project News

We just published the long awaited second release candidate for the next major version 1.4 of Roundcube webmail. Many fixes, improvements and final touches have gone into this since the first release candidate was published. Check the Changelog for a complete list of changes.

We proudly announce the next service release to update the stable version 1.3.

We proudly announce the next service release to update the stable version 1.3.

We just published a first release candidate for the next major version 1.4 which has now been in development for quite a while. Although the new responsive Elastic skin is now functional and feature complete, it still lacks the final brush-up to make it shine. We have now finally found a volunteer to work on this and once completed, a second release candidate will follow.

We proudly announce the next service release to update the stable version 1.3.

We proudly announce the beta release of the next major version 1.4 of Roundcube webmail. With this milestone we introduce some new features:

We proudly announce the next service release to update the stable version 1.3. It contains fixes to several bugs backported from the master branch including a security fix mitigating the EFAIL issue recently discovered in OpenPGP.

As a follow-up to the recent security update for the stable versions 1.2. and 1.1, this new release fixes a regression that sneaked in with the IMAP command injection protection which unintentionally disabled actions that operate on all selected messages (e.g. mark all as junk).

Following the recent security update for 1.3, here now come the promised updates for the LTS versions 1.2 and 1.1. They both fix the recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.

We just published a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.