Roundcube v1.3.8 Release Notes

Release Date: 2018-10-26 // almost 4 years ago
  • ๐Ÿš€ This is a service release to update the stable version 1.3 of Roundcube Webmail.
    โšก๏ธ It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below.


    • ๐Ÿ›  Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
    • ๐Ÿ›  Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
    • Enigma: Fix deleting keys with authentication subkeys (#6381)
    • ๐Ÿ›  Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
    • ๐Ÿ›  Fix so Classic skin splitter does not escape out of window (#6397)
    • ๐Ÿ›  Fix XSS issue in handling invalid style tag content (#6410)
    • ๐Ÿ›  Fix compatibility with MySQL 8 - error on 'system' table use
    • Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
    • ๐Ÿ‘‰ New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
    • Fix support for "allow-from " in x_frame_options config option (#6449)
    • ๐Ÿ›  Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
    • ๐Ÿ›  Fix multiple VCard field search (#6466)
    • ๐Ÿ›  Fix session issue on long running requests (#6470)