security update in Fedora EPEL 7 for roundcubemail

Status: stable 3 years ago

Release 1.1.4

  • Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
  • Fix duplicate messages in list and wrong count after delete (#1490572)
  • Fix so Installer requires PHP5
  • Make brute force attacks harder by re-generating security token on every failed login (#1490549)
  • Slow down brute-force attacks by waiting for a second after failed login (#1490549)
  • Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
  • Fix mail view scaling on iOS (#1490551)
  • Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
  • Fix responses list update issue after response name change (#1490555)
  • Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
  • Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
  • Fix redundant blank lines when using HTML and top posting (#1490576)
  • Fix redundant blank lines on start of text after html to text conversion (#1490577)
  • Fix HTML sanitizer to skip in output (#1490583)
  • Fix invalid LDAP query in ACL user autocompletion (#1490591)
  • Fix regression in displaying contents of message/rfc822 parts (#1490606)
  • Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
  • Fix PDF support detection in Firefox > 19 (#1490610)
  • Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
  • Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)

Packaging changes:

  • Add a .log suffix to all log file names, and rotate them all (may require switching back to the provided logrotate configuration)

Comments 7

This update has been submitted for testing by remi.

This update has been pushed to testing.

Works for me in basic testing

karma: +1 #1269164: +1 #1269155: +1

Seems fine

karma: +1 #1269164: +1 #1269155: +1

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by remi.

This update has been pushed to stable.


stable threshold: 3
unstable threshold: -3
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 2

0+2 #1269155 Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail
0+2 #1269164 Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain "create"
