* Sun Nov 28 2021 Michael Ströder <michael@stroeder.com>
- update to 1.5.1
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203)
* Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
* Fix PHP fatal error on an undefined constant in contacts import action (#8277)
* Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check error (#8283)
* Fix an infinite loop when parsing environment variables with float/integer values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
* Tue Oct 19 2021 lars@linux-schulserver.de - 1.5.0
- update to 1.5.0
+ full PHP8 support
+ Dark mode for Elastic skin
+ OAuth2/XOauth support (with plugin hooks)
+ Collected recipients and trusted senders
+ Moving recipients between inputs with drag & drop
+ Full unicode support with MySQL database
+ Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
+ Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
+ Cache refactoring
More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
- adjusted some file names to new release
(_styles.less -> styles.less; _variables.less -> variables.less;
CHANGELOG -> CHANGELOG.md)
- vendor/roundcube/plugin-installer/src/bin/rcubeinitdb.sh does not exist
any longer
- added SECURITY.md to documentation
- mark the whole documentation directory as documentation instead of
listing some files and others not (avoid duplicate entries in RPM-DB)
- adjust requirements: php-intl is now required
* Mon Feb 08 2021 Michael Ströder <michael@stroeder.com>
- update to 1.4.11 with security fix:
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
* Fri Jan 22 2021 Arjen de Korte <suse+build@de-korte.org>
- add PHP version to Requires: and Recommends: to make sure the same
version is installed as used during packaging
- drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2
(which is already required though mod_php_any)
* Tue Dec 01 2020 pgajdos@suse.com
- use system apache rpm macros
* Mon Sep 28 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.9:
* Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
* Add missing localization for some label/legend elements in userinfo plugin (#7478)
* Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
* Fix restoring Cc/Bcc fields from local storage (#7554)
* Fix jstz.min.js installation, bump version to 1.0.7
* Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
* Fix link to closure compiler in bin/jsshrink.sh script (#7567)
* Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
* Fix empty space on mail printouts in Chrome (#7604)
* Fix empty output from HTML5 parser when content contains XML tag (#7624)
* Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
* Fix so autocompletion list does not hide on scroll inside it (#7592)
* Tue Aug 11 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.8 with security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math content
* Mon Jul 06 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.7 with security fix:
* Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
* Fix bug where subfolders of special folders could have been duplicated on folder list
* Increase maximum size of contact jobtitle and department fields to 128 characters
* Fix missing newline after the logged line when writing to stdout (#7418)
* Elastic: Fix context menu (paste) on the recipient input (#7431)
* Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
* Fix problem with handling attached images with same name when using
database_attachments/redundant_attachments (#7455)
- renamed roundcubemail-1.4.6-config_dir.patch to
roundcubemail-1.4.7-config_dir.patch
* Fri Jul 03 2020 chris@computersalat.de
- add http.inc file
* include one file for php5/php7 admin flags/values
* Sun Jun 07 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.6
* Installer: Fix regression in SMTP test section (#7417)
- renamed roundcubemail-1.4.5-config_dir.patch to
roundcubemail-1.4.6-config_dir.patch
* Wed Jun 03 2020 Lars Vogdt <lars@linux-schulserver.de>
- update to 1.4.5
Security fixes
* Fix XSS issue in template object 'username' (#7406)
* Fix cross-site scripting (XSS) via malicious XML attachment
* Fix a couple of XSS issues in Installer (#7406)
* Better fix for CVE-2020-12641
Other changes
* Fix bug in extracting required plugins from composer.json that led
to spurious error in log (#7364)
* Fix so the database setup description is compatible with MySQL 8 (#7340)
* Markasjunk: Fix regression in jsevent driver (#7361)
* Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
* Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
* Password: Fix issue with Modoboa driver (#7372)
* Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
* Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
* Fix PHP warning: count(): Parameter must be an array or an object...
in ID command handler (#7392)
* Fix error when user-configured skin does not exist anymore (#7271)
* Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
* Fix bug where PDF attachments marked as inline could have not been
attached on mail forward (#7382)
* Security: Fix a couple of XSS issues in Installer (#7406)
* Security: Fix XSS issue in template object 'username' (#7406)
* Security: Fix cross-site scripting (XSS) via malicious XML attachment
* Security: Better fix for CVE-2020-12641
- renamed roundcubemail-1.4.4-config_dir.patch to
roundcubemail-1.4.5-config_dir.patch
* Wed Apr 29 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.4
* Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
* Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
* Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
* Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
* Elastic: Fix color of a folder with recent messages (#7281)
* Elastic: Restrict logo size in print view (#7275)
* Fix invalid Content-Type for messages with only html part and inline images * Mail_Mime-1.10.7 (#7261)
* Fix missing contact display name in QR Code data (#7257)
* Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
* Fix regression in testing database schema on MSSQL (#7227)
* Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
* Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
* Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
* Fix handling keyservers configured with protocol prefix (#7295)
* Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
* Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
* Fix so imap error message is displayed to the user on folder create/update (#7245)
* Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
* Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
* Fix characters encoding in group rename input after group creation/rename (#7330)
* Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
* Make install-jsdeps.sh script working without the 'file' program installed (#7325)
* Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
* Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
* Security: Fix XSS issue in handling of CDATA in HTML messages
* Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
* Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
* Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
- adjusted/renamed roundcubemail-1.4.3-config_dir.patch to
roundcubemail-1.4.4-config_dir.patch
* Thu Feb 20 2020 Michael Ströder <michael@stroeder.com>
- update to 1.4.3
* Enigma: Fix so key list selection is reset when opening key creation form (#7154)
* Enigma: Fix so using list checkbox selection does not load the key preview frame
* Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
* Enigma: Display IDN domains of key users and identities in UTF8
* Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
* Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
* Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
* Password: Make chpass-wrapper.py Python 3 compatible (#7135)
* Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
* Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
* Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
* Elastic: Fix text selection in recipient inputs (#7129)
* Elastic: Fix missing Close button in "more recipients" dialog
* Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
* Fix regression where "Open in new window" action didn't work (#7155)
* Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
* Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
* Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
* Fix bug where files in skins/ directory were listed on skins list (#7180)
* Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
* Fix display issues with mail subject that contains line-breaks (#7191)
* Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
* Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
* Fix using unix:///path/to/socket.file in memcached driver (#7210)
- adjusted/renamed roundcubemail-1.4.2-config_dir.patch to
roundcubemail-1.4.3-config_dir.patch
* Tue Feb 18 2020 Lars Vogdt <lars@linux-schulserver.de>
- prefer brotli over gzip if brotli is available:
+ enable mod_brotli in roundcubemail-httpd.conf (after deflate)
+ enable brotli via a2enmod for new installations
* Thu Jan 02 2020 Lars Vogdt <lars@linux-schulserver.de>
- update to 1.4.2:
* Plugin API: Make actionbefore, before, actionafter and after
events working with plugin actions (#7106)
* Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
* Managesieve: Fix so modifier type select wasn't hidden after hiding
modifier select on header change
* Managesieve: Fix filter selection after removing a first filter (#7079)
* Markasjunk: Fix marking more than one message as spam/ham with
email_learn driver (#7121)
* Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
* Enigma: Add script to import keys from filesystem to the db
storage (for multihost)
* Installer: Fix DB Write test on SQLite database
("database is locked" error) (#7064)
* Installer: Fix so SQLite DSN with a relative path to the database
file works in Installer
* Elastic: Fix contrast of warning toasts (#7058)
* Elastic: Simple search in pretty selects (#7072)
* Elastic: Fix hidden list widget on mobile/tablet when selecting
folder while search menu is open (#7120)
* Fix so type attribute on script tags is not used on HTML5 pages (#6975)
* Fix unread count after purge on a folder that is not currently selected (#7051)
* Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
* Fix bug where deleting a saved search in addressbook caused
display issue on sources/groups list (#7061)
* Fix bug where a new saved search added after removing all searches
wasn't added to the list (#7061)
* Fix bug where a new contact group added after removing all groups
from addressbook wasn't added to the list
* Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
* Fix so use of Ctrl+A does not scroll the list (#7020)
* Fix/remove useless keyup event handler on username input in logon form (#6970)
* Fix bug where cancelling switching from HTML to plain text didn't
set the flag properly (#7077)
* Fix bug where HTML reply could add an empty line with extra indentation
above the original message (#7088)
* Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
* Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
* Fix bug where 'skins_allowed' option didn't enforce user skin
preference (#7080)
* Fix so contact's organization field accepts up to 128 characters
(it was 50)
* Fix bug where listing tables in PostgreSQL database with db_prefix
didn't work (#7093)
* Fix bug where 'text' attribute on body tag was ignored when
displaying HTML message (#7109)
* Fix bug where next message wasn't displayed after delete in List mode (#7096)
* Fix so number of contacts in a group is not limited to 200 when
redirecting to mail composer from Contacts (#6972)
* Fix malformed characters in HTML message with charset meta tag
not in head (#7116)
- renamed patches:
- roundcubemail-1.1-beta-config_dir.patch
+ roundcubemail-1.4.2-config_dir.patch
* Mon Dec 16 2019 Lars Vogdt <lars@linux-schulserver.de>
- remove more cruft from the source (like .tavis or .gitignore)
- php documentor is not needed on a productive system -> remove
- also fix /usr/bin/env calls for two vendor scripts
- skins now have some configurable files in their directories:
move those files over to /etc/roundcubemail/skins/
- move other text files (incl. vendor ones) out of the root
directory (and handle the LICENSE file a bit different)
- enable mod_filter and add AddOutputFilterByType for common media
types like html, javascript or xml
- enable php7 on newer openSUSE versions
- enable deflate, expires, filter, headers and setenvif on a new
installation - do not enable any module in case of an update
- recommend php-imagick for additional features
* Fri Dec 06 2019 Johannes Weberhofer <jweberhofer@weberhofer.at>
- Updated dependencies
- Moved LICENCE file to proper directory
- removed travis files
- fixed most of the shell scripts to contain /usr/bin/php
* Fri Nov 22 2019 Michael Ströder <michael@stroeder.com>
- Upgrade to version 1.4.1:
* new defaults for smtp_* config options
* changed default password_charset to UTF-8
* login page returning 401 Unauthorized status
Version: 1.3.6-bp150.2.4
* Fri Apr 13 2018 kbabioch@suse.com
- Upgrade to version 1.3.6
* Fix parsing date strings (e.g. from a Date: mail header) with comments
* Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker
* Fix possible IMAP command injection and type juggling vulnerabilities
* Enigma: Fix key selection for signing
* Enigma: Enable keypair generation on Internet Explorer 11
* Fix check_request() bypass in places using get_uids() (CVE-2018-9846 boo#1067574)
* Fix bug where usernames without domain part could be malformed or converted to lower-case on logon
* Fri Mar 16 2018 joop.boonen@opensuse.org
- Upgrade to version 1.3.5
* Added new skin with mobile support - the Elastic
* Support Redis cache
* Improved Mailvelope integration
- Added private key listing and generating to identity settings
- Enable encrypt & sign option if Mailvelope supports it
* Update to jQuery-3.3.1
* vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
* Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
* Display an error when clicking disabled link to register protocol handler (#6079)
* Add option trusted_host_patterns (#6009, #5752)
* Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120)
* Support additional connect parameters in PostgreSQL database wrapper
* Use UI dialogs instead of confirm() and alert() where possible
* Display value of the SMTP message size limit in the error message (#6032)
* Skip redundant INSERT query on successful logon when using PHP7
* Replace display_version with display_product_version (#5904)
* Extend disabled_actions config so it accepts also button names (#5903)
* Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
* Add Message-ID to the sendmail log (#5871)
* Managesieve: Add ability to disable filter sets and other actions (#5496, #5898)
* Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021)
* Managesieve: Support filter action with custom IMAP flags (#6011)
* Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
* Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779)
* Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
* Composer: Fix certificate validation errors by using packagist only (#5148)
* Enigma: Add button to send mail unencrypted if no key was found (#5913)
* Enigma: Add options to set PGP cipher/digest algorithms (#5645)
* Enigma: Multi-host support
* Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882)
* Update to jquery-minicolors 2.2.6
* Support _filter and _scope as GET arguments for opening mail UI (#5825)
* Support for IMAP folders that cannot contain both folders and messages (#5057)
* Added .user.ini file for php-fpm (#5846)
* Email Resent (Bounce) feature (#4985)
* Various improvements for templating engine and skin behaviours
- Support conditional include
- Support for 'link' objects
- Support including files with path relative to templates directory
- Use <button> instead of <input> for submit button on logon screen
* Reset onerror on images if placeholder does not exist to prevent from requests storm
* Unified and simplified code for loading content frame for responses and identities
* Display contact import and advanced search in popup dialogs
* Make possible to set (some) config options from a skin
* Added optional checkbox selection for the list widget
* Make 'compose' command always enabled
* Add .log suffix to all log file names, add option log_file_ext to control this (#313)
* Archive: Fix archiving by sender address on cyrus-imap
* Archive: Style Archive folder also on folder selector and folder manager lists
* Archive: Add Thunderbird compatible Month option (#5623)
* Return "401 Unauthorized" status when login fails (#5663)
* Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092)
* Plugin API: Added 'show_bytes' hook (#5001)
* subscriptions_option: show \\Noselect folders greyed out (#5621)
* Add option to not indent quoted text on top-posting reply (#5105)
* Removed global $CONFIG variable
* Password: Support host variables in password_db_dsn option (#5955)
* Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
* Support AUTHENTICATE LOGIN for IMAP connections (#5563)
* Support LDAP GSSAPI authentication (#5703)
* Allow contacts without an email address (#5079)
* Localized timezone selector (#4983)
* Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
* Handle inline images also inside multipart/mixed messages (#5905)
* Fix bug where attachment size wasn't visible when the filename was too long (#6033)
* Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047)
* Fix css conflicts in user interface and e-mail content (#5891)
* Fix duplicated signature when using Back button in Chrome (#5809)
* Fix touch event issue on messages list in IE/Edge (#5781)
* Fix so links over images are not removed in plain text signatures converted from HTML (#4473)
* Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772)
* Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
* Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
* Fix duplicated labels in Test SMTP Config section (#6166)
* Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
* Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
* Fix security issue in remote content blocking on HTML image and style tags (#6178)
* Added 9pt and 11pt to the list of font sizes in HTML editor
* Fix handling encoding of HTML tags in "inline" JSON output (#6207)
* Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)
* Fri Feb 16 2018 ecsos@opensuse.org
- fix rights for enigma plugin
* Mon Feb 05 2018 jengelh@inai.de
- Trim bias from description.
- Replace %__-type macro indirections.
- Avoid bashisms in build logic.
* Sun Feb 04 2018 joop.boonen@opensuse.org
- Upgrade to version 1.3.4
- RELEASE 1.3.4
* Fix bug where contacts search could skip some records (#6130)
* Fix possible information leak - add more strict sql error check on user creation (#6125)
* Fix a couple of warnings on PHP 7.2 (#6098)
* Fix broken long filenames when using imap4d server - workaround server bug (#6048)
* Fix so temp_dir misconfiguration prints an error to the log (#6045)
* Fix untagged COPYUID responses handling - again (#5982)
* Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
* Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
* Fix performance issue when parsing malformed and long Date header (#6087)
* Fix syntax error in mssql.initial.sql (#6097)
* Fix bug where contacts export by selection returned no more than 10 entries (#6103)
* Fix searching contacts by address in LDAP source (#6084)
* Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)
- RELEASE 1.3.3
* Fix decoding of mailto: links with + character in HTML messages (#6020)
* Fix false reporting of failed upgrade in installto.sh (#6019)
* Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
* Fix mangled non-ASCII characters in links in HTML messages (#6028)
- RELEASE 1.3.2
* Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
* Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
* Fix invalid template loading on a message error in preview frame (#5941)
* Fix bug where HTML messages could have been rendered empty on some systems (#5957)
* Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
* Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
* Fix missing cursor in HTML editor on mail reply (#5969)
* Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
* Fix bug where mail search could return empty result on servers without SORT capability (#5973)
* Fix bug where assets_path wasn't added to some watermark frames
* Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
* Fix issue caused by non-default session.cookie_lifetime setting (#5961)
* Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
* Fix handling of unknown Content-Disposition type (#6002)
* Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
* Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
* Fix bug where ghost messages could be added to the list after fast delete (#5941)
- RELEASE 1.3.1
* Add Preferences > Mailbox View > Main Options > Layout (#5829)
* Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
* Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
* Managesieve: Fix AM/PM suffix in vacation time selectors
* Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
* Remove non-printable characters from filenames on download/display (#5880)
* Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
* Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
* Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
* Fix style issue on selected and unfocused message that is part of a thread (#5798)
* Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
* Fix position of selected icon for (Mailvelope) Encrypt button
* Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
* Fix bug where errors were not printed when using bin/update.sh (#5834)
* Fix PHP 7.2 warnings on count() use (#5845)
* Fix bug where Chrome could not upload the same file that was selected before (#5854)
* Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
* Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
* Fix potential XSS vulnerability with malformed HTML message markup
* Fix sending message with "Too many public recipients" dialog buttons (#5924)
* Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
* Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
- RELEASE 1.3.0
* Update to TinyMCE 4.5.7
* Fix bug where invalid recipients could be silently discarded (#5739)
* Fix conflict with _gid cookie of Google Analytics (#5748)
* Print error from CLI scripts when system/exec function is disabled (#5744)
* Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
* Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
* Fix folders list sorting on Windows - if php-intl is available (#5732)
* Fix addressbook searching by gender (#5757)
* Fix prevention from using % and * characters in folder name (#5762)
* Fix POST parameter reflection in default_charset selector (#5768)
* Enigma: Fix compatibility with assets_dir
* Managesieve: Skip redundant LISTSCRIPTS command
* Fix SQL syntax error on MariaDB 10.2 (#5774)
* Fix bug where zipdownload ignored files with the same name (#5777)
* Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
- Build roundcube correcty for both php5 and php7
* Fri Nov 10 2017 lars@linux-schulserver.de
- Update to 1.2.7:
+ Fix file disclosure vulnerability caused by insufficient
input validation (CVE-2017-16651; boo#1067574)
* Tue Sep 19 2017 michael@stroeder.com
- Update to 1.2.6
* Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
* Enigma: Fix compatibility with assets_dir
* Managesieve: Fix AM/PM suffix in vacation time selectors
* Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
* Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
* Fix addressbook searching by gender (#5757)
* Fix SQL syntax error on MariaDB 10.2 (#5774)
* Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
* Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
* Fix potential XSS vulnerability with malformed HTML message markup
* Fri Jul 28 2017 chris@computersalat.de
- fix for boo#1050980
* php-mcrypt will be removed with php >= 7.2
* anyway not a dependency anymore since roundcube version 1.2
* Wed May 03 2017 michael@stroeder.com
- Update to 1.2.5 which fixes vulnerability in the virtualmin and
sasl drivers of the password plugin (CVE-2017-8114, bsc#1036955)
* Thu Mar 16 2017 aj@ajaissle.de
- Update to 1.2.4 [boo#1029035]
- Managesieve: Fix handling of scripts with nested rules (#5540)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
- Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
- Enigma: Fix missing require statement for Crypt_GPG_KeyGenerator (#5641)
- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
- Fix regression where groups with email address were resolved to its members' addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
- Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
* Tue Nov 29 2016 aj@ajaissle.de
- Update to 1.2.3 [boo#1012493]
- Searching in both contacts and groups when LDAP addressbook with group_filters option is used
- Fix vulnerability in handling of mail()'s 5th argument [boo#1012493]
- Fix To: header encoding in mail sent with mail() method (#5475)
- Fix flickering of header topline in min-mode (#5426)
- Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
- Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
- Fix regression where creation of default folders wasn't functioning without prefix (#5460)
- Enigma: Fix bug where last records on keys list were hidden (#5461)
- Enigma: Fix key search with keyword containing non-ascii characters (#5459)
- Fix bug where deleting folders with subfolders could fail in some cases (#5466)
- Fix bug where IMAP password could be exposed via error message (#5472)
- Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
- Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
- Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
- Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
- Fix displaying attached images with wrong Content-Type specified (#5527)
* Wed Oct 05 2016 astieger@suse.com
- verify source signature
* Thu Sep 29 2016 aj@ajaissle.de
- Update to 1.2.2 [boo#1001856]
- Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
- Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
- Enigma: Make recipient key searches case-insensitive (#5434)
- Fix regression in resizing JPEG images with Imagick (#5376)
- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
- Wash position:fixed style in HTML mail for better security (#5264) [boo#1001856]
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
- Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
- Fix so "All" messages selection is resetted on search reset (#5413)
- Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
- Fix PHP warning when handling shared namespace with empty prefix (#5420)
- Fix so folders list is scrolled to the selected folder on page load (#5424)
- Fix so when moving to Trash we make sure the folder exists (#5192)
- Fix displaying size of attachments with zero size
- Fix so "Action disabled" error uses more appropriate 404 code (#5440)
* Thu Aug 11 2016 aj@ajaissle.de
- Update to 1.2.1
- Update TinyMCE to version 4.3.13 (#5309)
- Fix bug where errors could have been not logged when per_user_logging=true
- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
- Fix so minified publickey.js (with cache-buster) is used when available (#5254)
- Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253)
- Fix PHP warning when password_hosts is set, but is not an array (#5260)
- Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273)
- Fix so subfolders of INBOX can be set as Archive (#5274)
- Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282)
- Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
- Fix bug where "no body" alert could be displayed when sending mailvelope email
- Enigma: Fix keys import from inside of an encrypted message (#5285)
- Enigma: Fix malformed signed messages with force_7bit=true (#5292)
- Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
- Enigma: Add possibility to export private keys (#5321)
- Fix searching by email address in contacts with multiple addresses (#5291)
- Fix handling of --delete argument in moduserprefs.sh script (#5296)
- Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289)
- Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287)
- Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243)
- Fix bug where microsecond format in logged date didn't work in some cases
- Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
- Don't create multipart/alternative messages with empty text/plain part (#5283)
- Use contact_search_name format in popup on results in compose contacts search
- Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
- Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
- Fix javascript errors in IE on page with iframe that points to another domain
* Tue May 24 2016 opensuse@dstoecker.de
- update to version 1.2.0 [boo#982003] [CVE-2016-5103]
PHP7 compatibility
PGP encryption
Drag-n-drop attachments from mail preview to compose window
Mail messages searching with predefined date interval
Improved security measures to protect from brute-force attacks
And of course plenty of small improvements and bug fixes.
* Mon Apr 25 2016 lars@linux-schulserver.de
- Update to 1.1.5
Plugin API: Add html2text hook
Plugin API: Added addressbook_export hook
Fix missing emoticons on html-to-text conversion
Fix random "access to this resource is secured against CSRF" message at logout (#4956)
Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
Fix XSS issue in SVG images handling (#4949)
Fix (again) security issue in DBMail driver of password plugin CVE-2015-2181
Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
Hide DSN option in Preferences when smtp_server is not used (#4967)
Protect download urls against CSRF using unique request tokens (#4957)
newmail_notifier: Refactor desktop notifications
Fix so contactlist_fields option can be set via config file
Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
Fix performance in reverting order of THREAD result
Fix converting mail addresses with @www. into mailto links (#5197)
* Fri Feb 05 2016 aj@ajaissle.de
- Added "Suggests:" for apache2
* Fri Jan 15 2016 aj@ajaissle.de
- Changed apache2 config
* Thu Dec 31 2015 lars@linux-schulserver.de
- Update to 1.1.4
Add workaround for ?https://bugs.php.net/bug.php?id=70757 (#1490582)
Fix duplicate messages in list and wrong count after delete (#1490572)
Fix so Installer requires PHP5
Make brute force attacks harder by re-generating security token on every failed login (#1490549)
Slow down brute-force attacks by waiting for a second after failed login (#1490549)
Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
Fix mail view scaling on iOS (#1490551)
Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
Fix responses list update issue after response name change (#1490555)
Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
Fix redundant blank lines when using HTML and top posting (#1490576)
Fix redundant blank lines on start of text after html to text conversion (#1490577)
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
Fix invalid LDAP query in ACL user autocompletion (#1490591)
Fix regression in displaying contents of message/rfc822 parts (#1490606)
Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
Fix PDF support detection in Firefox > 19 (#1490610)
Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) [CVE-2015-8770] [bnc#962067]
Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
- explicitely add required PHP packages (according to INSTALL):
+ php-dom, php-json, php-sockets
- also recommend additional PHP packages:
+ php-zip, php-pear-Crypt_GPG
- use generic php- prefix also for recommended packages (no explicit php5-)
- no Dockerfile readme any more
* Fri Oct 23 2015 aj@ajaissle.de
- Changed roundcubemail-httpd.conf
- Enable mod_version.c per default [boo#938840]