JARVIS
Der beliebte Webmailer, Roundcube, erhielt in den LTS Zweigen 1.4 und 1.3, das Sicherheitsupdate 1.4.5 und 1.3.12. Dieses schließt 4 weniger kritische Sicherheitslücken, und behebt diverse Fehler.
Roundcube 1.4.5 Release Notes
Security fixes
- Fix XSS issue in template object ‘username’ (#7406)
- Fix cross-site scripting (XSS) via malicious XML attachment
- Fix a couple of XSS issues in Installer (#7406)
- Better fix for
CVE-2020-12641
The latter two vulnerabilities again are related to public access to the Roundcube installer
and are therefore classified minor.
This version is considered stable and we recommend to update all productive installations
of Roundcube with it. Please do backup your data before updating!
CHANGELOG
- Fix bug in extracting required plugins from
composer.jsonthat led to spurious error in log (#7364) - Fix so the database setup description is compatible with MySQL 8 (#7340)
- Markasjunk: Fix regression in jsevent driver (#7361)
- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
- Fix default keyservers (use
keys.openpgp.org), add note about CORS (#7373, #7367) - Password: Fix issue with Modoboa driver (#7372)
- Mailvelope: Use sender’s address to find pubkeys to check signatures (#7348)
- Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
- Fix PHP warning: count(): Parameter must be an array or an object… in ID command handler (#7392)
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object ‘username’ (#7406)
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
- Security: Better fix for
CVE-2020-12641
Quelle: https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
Roundcube 1.3.12 Release Notes
Security fixes
- Fix XSS issue in template object ‘username’ (#7406)
- Fix cross-site scripting (XSS) via malicious XML attachment
- Fix a couple of XSS issues in Installer (#7406)
- Better fix for
CVE-2020-12641
The latter two vulnerabilities again are related to public access to the Roundcube installer
and are therefore classified minor.
This version in considered stable and we recommend to update all productive installations
of Roundcube 1.3.x with it. Please do backup your data before updating!
CHANGELOG
- Security: Better fix for CVE-2020-12641
- Security: Fix XSS issue in template object ‘username’ (#7406)
- Security: Fix couple of XSS issues in Installer (#7406)
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
Quelle: https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.