Roundcube Project News - Latest Release Articles

We proudly announce the final release of the long awaited major version 1.4 of Roundcube webmail. After more than two years of hard work by Alec and other volunteer contributors, Roundcube finally gets the responsive skin with full mobile device support - the Elastic.

We just published the long awaited second release candidate for the next major version 1.4 of Roundcube webmail. Many fixes, improvements and final touches have gone into this since the first release candidate was published. Check the Changelog for a complete list of changes.

We proudly announce the next service release to update the stable version 1.3.

We proudly announce the next service release to update the stable version 1.3.

We just published a first release candidate for the next major version 1.4 which has now been in development for quite a while. Although the new responsive Elastic skin is now functional and feature complete, it still lacks the final brush-up to make it shine. We have now finally found a volunteer to work on this and once completed, a second release candidate will follow.

We proudly announce the next service release to update the stable version 1.3.

We proudly announce the beta release of the next major version 1.4 of Roundcube webmail. With this milestone we introduce some new features:

We proudly announce the next service release to update the stable version 1.3. It contains fixes to several bugs backported from the master branch including a security fix mitigating the EFAIL issue recently discovered in OpenPGP.

As a follow-up to the recent security update for the stable versions 1.2. and 1.1, this new release fixes a regression that sneaked in with the IMAP command injection protection which unintentionally disabled actions that operate on all selected messages (e.g. mark all as junk).

Following the recent security update for 1.3, here now come the promised updates for the LTS versions 1.2 and 1.1. They both fix the recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846.