+ full PHP8 support
+ Dark mode for Elastic skin
+ OAuth2/XOauth support (with plugin hooks)
+ Collected recipients and trusted senders
+ Moving recipients between inputs with drag & drop
+ Full unicode support with MySQL database
+ Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
+ Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
+ Cache refactoring
More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
- adjusted some file names to new release
(_styles.less -> styles.less; _variables.less -> variables.less;
CHANGELOG -> CHANGELOG.md)
- vendor/roundcube/plugin-installer/src/bin/rcubeinitdb.sh does not exist
any longer
- added SECURITY.md to documentation
- mark the whole documentation directory as documentation instead of
listing some files and others not (avoid duplicate entries in RPM-DB)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=154
- update to 1.4.10:
* Stored cross-site scripting (XSS) via HTML or plain text messages
with malicious content ( CVE-2020-35730 boo#1180399 )
* Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
* Fix folder list issue when special folder is a subfolder (#7647)
* Fix Elastic's folder subscription toggle in search result (#7653)
* Fix state of subscription toggle on folders list after changing
folder state from the search result (#7653)
* Security: Fix cross-site scripting (XSS) via HTML or plain text
messages with malicious content
OBS-URL: https://build.opensuse.org/request/show/858987
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=69
* Stored cross-site scripting (XSS) via HTML or plain text messages
with malicious content [CVE-2020-35730]
* Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
* Fix folder list issue when special folder is a subfolder (#7647)
* Fix Elastic's folder subscription toggle in search result (#7653)
* Fix state of subscription toggle on folders list after changing
folder state from the search result (#7653)
* Security: Fix cross-site scripting (XSS) via HTML or plain text
messages with malicious content
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=150
- finally renamed roundcubemail-1.4.8-config_dir.patch to
roundcubemail-config_dir.patch to avoid additional roundtrip
times with each submission:
+ removed roundcubemail-1.4.7-config_dir.patch
+ added roundcubemail-config_dir.patch
- update to 1.4.8 with security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math content
OBS-URL: https://build.opensuse.org/request/show/826894
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=66
- update to 1.4.7 with security fix:
* Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
* Fix bug where subfolders of special folders could have been duplicated on folder list
* Increase maximum size of contact jobtitle and department fields to 128 characters
* Fix missing newline after the logged line when writing to stdout (#7418)
* Elastic: Fix context menu (paste) on the recipient input (#7431)
* Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
* Fix problem with handling attached images with same name when using
database_attachments/redundant_attachments (#7455)
OBS-URL: https://build.opensuse.org/request/show/818992
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=143
- update to 1.4.5
Security fixes
* Fix XSS issue in template object 'username' (#7406)
* Fix cross-site scripting (XSS) via malicious XML attachment
* Fix a couple of XSS issues in Installer (#7406)
* Better fix for CVE-2020-12641
Other changes
* Fix bug in extracting required plugins from composer.json that led
to spurious error in log (#7364)
* Fix so the database setup description is compatible with MySQL 8 (#7340)
* Markasjunk: Fix regression in jsevent driver (#7361)
* Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
* Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
* Password: Fix issue with Modoboa driver (#7372)
* Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
* Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
* Fix PHP warning: count(): Parameter must be an array or an object...
in ID command handler (#7392)
* Fix error when user-configured skin does not exist anymore (#7271)
* Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
* Fix bug where PDF attachments marked as inline could have not been
attached on mail forward (#7382)
* Security: Fix a couple of XSS issues in Installer (#7406)
* Security: Fix XSS issue in template object 'username' (#7406)
* Security: Fix cross-site scripting (XSS) via malicious XML attachment
* Security: Better fix for CVE-2020-12641
- renamed roundcubemail-1.4.4-config_dir.patch to
roundcubemail-1.4.5-config_dir.patch
OBS-URL: https://build.opensuse.org/request/show/811037
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=139
- update to 1.4.3
* Enigma: Fix so key list selection is reset when opening key creation form (#7154)
* Enigma: Fix so using list checkbox selection does not load the key preview frame
* Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
* Enigma: Display IDN domains of key users and identities in UTF8
* Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
* Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
* Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
* Password: Make chpass-wrapper.py Python 3 compatible (#7135)
* Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
* Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
* Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
* Elastic: Fix text selection in recipient inputs (#7129)
* Elastic: Fix missing Close button in "more recipients" dialog
* Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
* Fix regression where "Open in new window" action didn't work (#7155)
* Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
* Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
* Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
* Fix bug where files in skins/ directory were listed on skins list (#7180)
* Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
* Fix display issues with mail subject that contains line-breaks (#7191)
* Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
* Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
* Fix using unix:///path/to/socket.file in memcached driver (#7210)
- adjusted/renamed roundcubemail-1.4.2-config_dir.patch to
roundcubemail-1.4.3-config_dir.patch
OBS-URL: https://build.opensuse.org/request/show/778032
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=61
- update to 1.4.2:
* Plugin API: Make actionbefore, before, actionafter and after
events working with plugin actions (#7106)
* Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
* Managesieve: Fix so modifier type select wasn't hidden after hiding
modifier select on header change
* Managesieve: Fix filter selection after removing a first filter (#7079)
* Markasjunk: Fix marking more than one message as spam/ham with
email_learn driver (#7121)
* Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
* Enigma: Add script to import keys from filesystem to the db
storage (for multihost)
* Installer: Fix DB Write test on SQLite database
("database is locked" error) (#7064)
* Installer: Fix so SQLite DSN with a relative path to the database
file works in Installer
* Elastic: Fix contrast of warning toasts (#7058)
* Elastic: Simple search in pretty selects (#7072)
* Elastic: Fix hidden list widget on mobile/tablet when selecting
folder while search menu is open (#7120)
* Fix so type attribute on script tags is not used on HTML5 pages (#6975)
* Fix unread count after purge on a folder that is not currently selected (#7051)
* Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
* Fix bug where deleting a saved search in addressbook caused
display issue on sources/groups list (#7061)
* Fix bug where a new saved search added after removing all searches
wasn't added to the list (#7061)
* Fix bug where a new contact group added after removing all groups
from addressbook wasn't added to the list
* Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
OBS-URL: https://build.opensuse.org/request/show/761569
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=59
