The Roundcube Project News

We proudly announce the beta release of the next major version 1.4 of Roundcube webmail. With this milestone we introduce some new features:

We proudly announce the next service release to update the stable version 1.3. It contains fixes to several bugs backported from the master branch including a security fix mitigating the EFAIL issue recently discovered in OpenPGP.

As a follow-up to the recent security update for the stable versions 1.2. and 1.1, this new release fixes a regression that sneaked in with the IMAP command injection protection which unintentionally disabled actions that operate on all selected messages (e.g. mark all as junk).

Following the recent security update for 1.3, here now come the promised updates for the LTS versions 1.2 and 1.1. They both fix the recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.

We just published a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.

We proudly announce a new service release to update the stable version 1.3. It contains fixes to several bugs backported from the master branch. One can be called a minor security fix as it fixes blocking of remote content on specially crafted style tags.

We proudly announce the next service release to update the stable version 1.3. It contains fixes to several bugs reported by our dear community members and makes Roundcube fully compatible with PHP 7.2.

We just published updates to all stable versions from 1.1.x onwards delivering fixes for a recently discovered file disclosure vulnerability in Roundcube Webmail.

We proudly announce the second service release to update the stable version 1.3. It contains fixes to several bugs reported by our dear community members as well as translation updates synchronized from Transifex.

This is a service and security update to the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch.