Back
Current Directory
/var/softaculous/roundcube
Type Name Operations
images Open
php53 Open
php56 Open
php71 Open
php81 Open
php82 Open
changelog.txt
Edit Get
clone.php
Edit Get
config.inc.php
Edit Get
fileindex.php
Edit Get
import.php
Edit Get
info.xml
Edit Get
install.js
Edit Get
install.php
Edit Get
install.xml
Edit Get
md5
Edit Get
notes.txt
Edit Get
remove.php
Edit Get
upgrade.php
Edit Get
upgrade.xml
Edit Get

File Transfer

Upload files to current directory

File Editor: changelog.txt

## Release 1.6.15 - Fix regression where mail search would fail on non-ascii search criteria (#10121) - Fix regression where some data url images could get ignored/lost (#10128) - Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke ## Release 1.6.14 - Fix Postgres connection using IPv6 address (#10104) - Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler - Security: Fix bug where a password could get changed without providing the old password - Security: Fix IMAP Injection + CSRF bypass in mail search - Security: Fix remote image blocking bypass via various SVG animate attributes - Security: Fix remote image blocking bypass via a crafted body background attribute - Security: Fix fixed position mitigation bypass via use of !important - Security: Fix XSS issue in a HTML attachment preview - Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts ## Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) - Fix remote image blocking bypass via SVG content reported by nullcathedral - Fix CSS injection vulnerability reported by CERT Polska ## Release 1.6.12 - Support IPv6 in database DSN (#9937) - Don't force specific error_reporting setting - Fix compatibility with PHP 8.5 regarding array_first() - Remove X-XSS-Protection example from .htaccess file (#9875) - Fix "Assign to group" action state after creation of a first group (#9889) - Fix bug where contacts search would fail if `contactlist_fields` contained vcard fields (#9850) - Fix bug where an mbox export file could include inconsistent message delimiters (#9879) - Fix parsing of inline styles that aren't well-formatted (#9948) - Fix Cross-Site-Scripting vulnerability via SVG's animate tag - Fix Information Disclosure vulnerability in the HTML style sanitizer ## Release 1.6.11 - Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610) - Improve installer to fix confusion about disabling SMTP authentication (#9801) - Fix PHP warning in index.php (#9813) - OAuth: Fix/improve token refresh - Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820) - Fix HTML message preview if it contains floating tables (#9804) - Fix removing/expiring redis/memcache records when using a key prefix - Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) - Fix a default value and documentation of password_ldap_encodage option (#9658) - Remove mobile/floating Create button from the list in Settings > Folders (#9661) - Fix Delete and Empty buttons state while creating a folder (#9047) - Fix connecting to LDAP using ldapi:// URI (#8990) - Fix cursor position on "below the quote" reply in HTML mode (#8700) - Fix bug where attachments with content type of `application/vnd.ms-tnef` were not parsed (#7119) - Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v