Dirk Stoecker
6ac8473f42
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. - CHANGELOG * Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610) * Improve installer to fix confusion about disabling SMTP authentication (#9801) * Fix PHP warning in index.php (#9813) * OAuth: Fix/improve token refresh * Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820) * Fix HTML message preview if it contains floating tables (#9804) * Fix removing/expiring redis/memcache records when using a key prefix * Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) * Fix a default value and documentation of password_ldap_encodage option (#9658) * Remove mobile/floating Create button from the list in Settings > Folders (#9661) * Fix Delete and Empty buttons state while creating a folder (#9047) * Fix connecting to LDAP using ldapi:// URI (#8990) * Fix cursor position on "below the quote" reply in HTML mode (#8700) * Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119) OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=179
This README contains additional information specific to the
openSUSE package of roundcube.
INSTALLATION
============
This application is packaged to integrate with Apache and MySQL but
it can basically run with every webserver being able to run PHP and
also use other SQL based database engines.
After installation of the package the application will immediately
be reachable from everywhere once Apache is enabled under the URL
http://IP-ADDRESS/roundcubemail
The configuration is copied from the example config files from the
package and therefore not really working.
First step is to prepare the MySQL database for Roundcube:
Setting up the mysql database can be done by creating an empty database,
importing the table layout and granting the proper permissions to the
roundcube user. Here is an example of that procedure:
# mysql
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';
> FLUSH PRIVILEGES;
> quit
# mysql roundcubemail < /usr/share/doc/packages/roundcubemail/SQL/mysql.initial.sql
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
mind: You need to specify this password later in '/etc/roundcubemail/config.inc.php'.
To use the integrated web based installer you need to enable it first
in /etc/roundcubemail/config.inc.php:
$rcmail_config['enable_installer'] = true;
IMPORTANT: This MUST be disabled again after installation is finished
for SECURITY reasons
and then access
http://IP-ADDRESS/roundcubemail/installer
to finish the installation.