Results 1 to 9 of 9

Thread: Roundcube 1.3.6 released

  1. #1
    Join Date
    Nov 2009
    Location
    São Paulo - Brazil
    Posts
    167

    Roundcube 1.3.6 released

    This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.

    Additionally, we back-ported some minor fixes from the master branch which improve PHP 7.2 compatibility as well as PGP signing and key handling for those who use the Enigma plugin. See the complete changelog below.

    https://roundcube.net/news/2018/04/1...y-update-1.3.6

    CHANGELOG

    Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
    Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
    Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
    Enigma: Fix key selection for signing
    Enigma: Enable keypair generation on Internet Explorer 11
    Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
    Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)

  2. #2
    Thanks,

    It's available on files1.
    Other mirrors should be synced within 24 hours.

    John

  3. #3
    Join Date
    Mar 2014
    Posts
    71
    After update I have blank white page on all domains (/roundcube) so I have to degraded to 1.3.5 and works... check this please.

  4. #4
    Join Date
    May 2014
    Posts
    90
    Quote Originally Posted by ShinJii View Post
    After update I have blank white page on all domains (/roundcube) so I have to degraded to 1.3.5 and works... check this please.
    Do you use PHP-FPM? Then you have to restart PHP-FPM after building Roundcube 1.3.6! (Otherwise, the cache is Roundcube 1.3.5) Does it work?

  5. #5
    Join Date
    Mar 2014
    Posts
    71
    Quote Originally Posted by dave097 View Post
    Do you use PHP-FPM? Then you have to restart PHP-FPM after building Roundcube 1.3.6! (Otherwise, the cache is Roundcube 1.3.5) Does it work?
    Yes now it works! Thanks, I didn't know that because I'm using php-fpm for first time since maybe 2 weeks I have to do this everytime when I update webapps in custombuild?

  6. #6
    Martynas has just added a quick change, where after RoundCube is installed, if opCache is enabled, then the corresponding service (php-fpm, or httpd for php cli, or litespeed) will be restarted, to clear the opCache cache. On files1 in CB2 rev 1853.

    John

  7. #7
    Join Date
    Apr 2009
    Posts
    2,170
    @DirectAdmin Support, It is enough to reload Apache or PHP-FPM in order to empty OPcache, it is not needed to restart those services to clear OPcache. Please change it to reload instead of restart, or give us a option to disable the restart in options.conf. Thanks.

  8. #8
    Looking at the diff, it is using a reload already

    if [ "${OPCACHE_OPT}" = "yes" ]; then
    if [ "${PHP1_MODE_OPT}" = "php-fpm" ]; then
    echo "Reloading php-fpm${PHP1_SHORTRELEASE}."
    control_service php-fpm${PHP1_SHORTRELEASE} reload
    elif [ "${WEBSERVER_OPT}" = "apache" ] || [ "${WEBSERVER_OPT}" = "nginx_apache" ]; then
    echo "Reloading apache."
    control_service httpd reload
    elif [ "${WEBSERVER_OPT}" = "litespeed" ]; then
    echo "Reloading litespeed."
    control_service litespeed reload
    fi
    fi
    John

  9. #9
    Join Date
    May 2014
    Posts
    90
    Quote Originally Posted by DirectAdmin Support View Post
    Martynas has just added a quick change, where after RoundCube is installed, if opCache is enabled, then the corresponding service (php-fpm, or httpd for php cli, or litespeed) will be restarted, to clear the opCache cache. On files1 in CB2 rev 1853.

    John
    Thanks for adding Martynas and John!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •