Roundcube Webmail has released version 1.6.11, which serves as a security update for the stable 1.6 series. This update specifically targets recent security vulnerabilities, including a significant post-authentication remote code execution (RCE) threat resulting from PHP object deserialization. The 1.6.11 version improves several functionalities, including the match-type selector in the delete header action, enhances the installation process to clarify SMTP authentication settings, and resolves a PHP warning in the index.php file. Additionally, it optimizes the token refresh mechanism.
The update also addresses various bugs, particularly those affecting dark mode and HTML message previews, and corrects inaccuracies in the detection of SPECIAL-USE folders. Notably, the mobile and floating Create buttons have been removed, and improvements have been made to LDAP connection handling.
Roundcube Webmail 1.6.11 is recommended for all productive installations running version 1.6.x, with a strong emphasis on backing up data prior to updating. The changelog includes numerous fixes, such as resolving issues with the display of blockquotes in dark mode, handling floating tables in HTML messages, and ensuring proper functionality of the delete/empty buttons during folder creation.
Extended Overview:
This update is part of Roundcube's ongoing commitment to improve security and user experience. Users of Roundcube Webmail are encouraged to stay current with updates to protect against emerging vulnerabilities. The focus on security, particularly the remediation of RCE vulnerabilities, highlights the importance of maintaining robust security measures in webmail applications. Future updates may continue to enhance user interfaces, improve accessibility features, and further tighten security protocols, ensuring that Roundcube remains a reliable choice for email management. Users should regularly check for updates and consider participating in community discussions to stay informed about best practices and new features
The update also addresses various bugs, particularly those affecting dark mode and HTML message previews, and corrects inaccuracies in the detection of SPECIAL-USE folders. Notably, the mobile and floating Create buttons have been removed, and improvements have been made to LDAP connection handling.
Roundcube Webmail 1.6.11 is recommended for all productive installations running version 1.6.x, with a strong emphasis on backing up data prior to updating. The changelog includes numerous fixes, such as resolving issues with the display of blockquotes in dark mode, handling floating tables in HTML messages, and ensuring proper functionality of the delete/empty buttons during folder creation.
Extended Overview:
This update is part of Roundcube's ongoing commitment to improve security and user experience. Users of Roundcube Webmail are encouraged to stay current with updates to protect against emerging vulnerabilities. The focus on security, particularly the remediation of RCE vulnerabilities, highlights the importance of maintaining robust security measures in webmail applications. Future updates may continue to enhance user interfaces, improve accessibility features, and further tighten security protocols, ensuring that Roundcube remains a reliable choice for email management. Users should regularly check for updates and consider participating in community discussions to stay informed about best practices and new features
Roundcube Webmail 1.6.11 released
Roundcube Webmail 1.6.11 has been released as a security update for the stable version 1.6, focusing on recent vulnerabilities, including post-auth RCE through PHP object deserialization. The update addresses the match-type selector in the delete header action, enhances the installer, resolves a PHP warning in index.php, and optimizes the token refresh process. The update also resolves bugs related to dark mode, addresses HTML message preview issues, and corrects inaccuracies in SPECIAL-USE folder detection. The update additionally eliminates the mobile/floating Create button, as well as the Delete and Empty buttons, and addresses issues related to LDAP connections.
