forked from pool/roundcubemail
Aeneas Jaißle
482045f6a9
- update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] - For further changes, see https://github.com/roundcube/roundcubemail/releases/tag/1.6.8 OBS-URL: https://build.opensuse.org/request/show/1191891 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=174
14 lines
555 B
Diff
14 lines
555 B
Diff
Index: roundcubemail-1.4.8/program/include/iniset.php
|
|
===================================================================
|
|
--- roundcubemail-1.4.8.orig/program/include/iniset.php
|
|
+++ roundcubemail-1.4.8/program/include/iniset.php
|
|
@@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) {
|
|
}
|
|
|
|
if (!defined('RCMAIL_CONFIG_DIR')) {
|
|
- define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: (INSTALL_PATH . 'config'));
|
|
+ define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: '/etc/roundcubemail');
|
|
}
|
|
|
|
if (!defined('RCUBE_LOCALIZATION_DIR')) {
|