Roundcube has officially released its second release candidate, RC2, for the much-anticipated version 1.7. This update primarily focuses on addressing significant issues that emerged since the launch of the first release candidate, making it crucial for users to test the new version.
Among the key improvements, Roundcube 1.7 RC2 has resolved two notable security vulnerabilities. The first was a cross-site scripting (XSS) issue related to the handling of specific SVG animations. This vulnerability was identified by a contributor from CrowdStrike, prompting swift action from developer Valentin T. to report it on GitHub. Additionally, an update to the core HTML style sanitizer has been implemented to mitigate information disclosure risks, thanks to another anonymous developer's alert.
For users operating with Postgres databases, a long-standing syntax error in the data definition language (DDL) scripts used for database migration has been addressed, marking a significant advancement towards finalizing version 1.7. However, users are still encouraged to conduct thorough testing on their end before fully transitioning to this release candidate.
If you're considering an upgrade from an earlier version of Roundcube, it's important to keep this release candidate in mind. The migration scripts included should facilitate a smooth transition, but users should always ensure they back up their data prior to installation.
In summary, Roundcube 1.7 RC2 represents a pivotal step in the development of the upcoming version, with critical security fixes and enhancements for database users, reinforcing the importance of community contributions in the software's evolution. As the final version approaches, users are urged to stay engaged with testing and feedback.
Roundcube 1.7 RC2 released
Roundcube has released its second release candidate for version 1.7, focusing on resolving serious issues discovered since the first release candidate dropped. Two security problems were addressed: a cross-site scripting vulnerability and an update to prevent information disclosure, both thanks to contributions from outside developers. For Postgres users, the developer fixed a long-standing syntax error in database migration scripts, a significant step towards making 1.7 ready for prime time.
