Software-update: Roundcube Webmail 1.5.9 / 1.6.11

Versies 1.5.10 en 1.6.11 van Roundcube Webmail zijn uitgekomen. Roundcube Webmail heeft onder andere ondersteuning voor gedeelde mappen en namespaces, internationalized domain names en SMTP-afleverstatusnotificaties. Daarnaast is de gebruikersinterface voor IMAP-mappen aangepast om zo meer ruimte te bieden voor extensies en plug-ins. De changelog voor beide uitgaven kan hieronder worden gevonden:

Security updates 1.6.11 and 1.5.10 released

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain a fix for recently reported security vulnerability.

Security fixes

• Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.

Roundcube Webmail 1.6.11

• Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610)
• Improve installer to fix confusion about disabling SMTP authentication (#9801)
• Fix PHP warning in index.php (#9813)
• OAuth: Fix/improve token refresh
• Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820)
• Fix HTML message preview if it contains floating tables (#9804)
• Fix removing/expiring redis/memcache records when using a key prefix
• Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781)
• Fix a default value and documentation of password_ldap_encodage option (#9658)
• Remove mobile/floating Create button from the list in Settings > Folders (#9661)
• Fix Delete and Empty buttons state while creating a folder (#9047)
• Fix connecting to LDAP using ldapi:// URI (#8990)
• Fix cursor position on "below the quote" reply in HTML mode (#8700)
• Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119)

Roundcube Webmail 1.5.10

• Fix current script state after initial scripts creation in managesieve_kolab_master mode
• Fix regression causing inline SVG images to be missing in mail preview (#9644)