Roundcube v1.3.10 Release Notes
Release Date: 2019-08-28 // over 4 years ago-
🚀 This is a service release to update the stable version 1.3 of Roundcube Webmail.
🔒 It contains fixes to several bugs backported from the master branch including minor security fixes around CSS and HTML cleanup. See the complete changelog below.⚡️ This version in considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating!
🔄 CHANGELOG
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
- 🛠 Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- 🛠 Fix bug where bmp images couldn't be displayed on some systems (#6728)
- 🛠 Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- 🛠 Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- 📜 Fix bug in
rcube_utils::parse_hosts()where %t, %d, %z could return only tld (#6746) - 🛠 Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- 🛠 Fix bug where selection of columns on messages list wasn't working
- 🛠 Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- 🛠 Fix wrong messages order after returning to a multi-folder search result (#6836)
- 🛠 Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- 🛠 Fix bug where it was possible to bypass the
position:fixedCSS check in received messages (#6898) - 🛠 Fix bug where some strict remote URIs in
url()style were unintentionally blocked (#6899) - 🛠 Fix bug where it was possible to bypass the CSS jail in HTML messages using
:rootpseudo-class (#6897) - 🛠 Fix bug where it was possible to bypass
hrefURI check withdata:application/xhtml+xmlURIs (#6896)