From 055ac076630241afe3464c09e2dd37886a497a47 Mon Sep 17 00:00:00 2001 From: davDevOps <49919035+davDevOps@users.noreply.github.com> Date: Tue, 23 Feb 2021 13:53:19 -0800 Subject: [PATCH] Update roundcube to 1.4.11 roundcube Bug Fixes: Fix for Cross-Site Scripting (XSS) via HTML messages with malicious CSS content General Improvements from roundcube's Issue Tracker --- CHANGELOG.md | 10 +++++++++- setup/webmail.sh | 9 +++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7d548f..4c1de5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,21 @@ CHANGELOG ========= +In Development +-------------- + +Software updates: + +* Upgraded Roundcube to version 1.4.11 addressing a security issue, and its desktop notifications plugin. +* Upgraded Z-Push (for Exchange/ActiveSync) to version 2.6.2. + v0.52 (January 31, 2021) ------------------------ Software updates: * Upgraded Roundcube to version 1.4.10. -* Upgraded zpush to 2.6.1. +* Upgraded Z-Push to 2.6.1. Mail: diff --git a/setup/webmail.sh b/setup/webmail.sh index de4ca52..912bd5e 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -28,10 +28,11 @@ apt_install \ # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track # whether we have the latest version of everything. -VERSION=1.4.10 -HASH=36b2351030e1ebddb8e39190d7b0ba82b1bbec1b -PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 -HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 + +VERSION=1.4.11 +HASH=3877f0e70f29e7d0612155632e48c3db1e626be3 +PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 # version 5.2.0 +HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+ CARDDAV_VERSION=3.0.3 CARDDAV_HASH=d1e3b0d851ffa2c6bd42bf0c04f70d0e1d0d78f8