FEDORA-2020-35e12da5fe created by remi 8 months ago for Fedora 31
stable

Version 1.4.4

This is a service and security update to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker.

  • Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
  • Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
  • Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
  • Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
  • Elastic: Fix color of a folder with recent messages (#7281)
  • Elastic: Restrict logo size in print view (#7275)
  • Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
  • Fix missing contact display name in QR Code data (#7257)
  • Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
  • Fix regression in testing database schema on MSSQL (#7227)
  • Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
  • Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
  • Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
  • Fix handling keyservers configured with protocol prefix (#7295)
  • Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
  • Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
  • Fix so imap error message is displayed to the user on folder create/update (#7245)
  • Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
  • Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
  • Fix characters encoding in group rename input after group creation/rename (#7330)
  • Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
  • Make install-jsdeps.sh script working without the 'file' program installed (#7325)
  • Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
  • Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
  • Security: Fix XSS issue in handling of CDATA in HTML messages
  • Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
  • Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
  • Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)

How to install

sudo dnf upgrade --advisory=FEDORA-2020-35e12da5fe

This update has been submitted for testing by remi.

8 months ago

This update's test gating status has been changed to 'waiting'.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update has been pushed to testing.

7 months ago

This update can be pushed to stable now if the maintainer wishes

7 months ago

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
8 months ago
in testing
7 months ago
in stable
7 months ago

Automated Test Results