From 891de8d6c3f35eb85d6c396c97c0d9f7d08435b8 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 26 Aug 2020 14:10:04 -0400 Subject: [PATCH 1/2] Upgrade Roundcube to 1.4.8 Merges #1809 --- CHANGELOG.md | 7 +++++++ setup/webmail.sh | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9b8b759..691eb228 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ CHANGELOG ========= +In Development +-------------- + +Security fixes: + +* Roundcube is updated to version 1.4.8 fixing additional cross-site scripting (XSS) vulnerabilities. + v0.47 (July 29, 2020) --------------------- diff --git a/setup/webmail.sh b/setup/webmail.sh index f2202244..1e7d0083 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -28,8 +28,8 @@ apt_install \ # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track # whether we have the latest version of everything. -VERSION=1.4.7 -HASH=49F194D25AC7B9BF175BD52285BB61CDE7BAED44 +VERSION=1.4.8 +HASH=3a6824fd68fef2e0d24f186cfbee5c6f9d6edbe9 PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 CARDDAV_VERSION=3.0.3 From 62db58eaafe5bba7a8575a6c1a0ef1a4423a4610 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 26 Aug 2020 14:11:01 -0400 Subject: [PATCH 2/2] v0.48 --- CHANGELOG.md | 4 ++-- README.md | 4 ++-- setup/bootstrap.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 691eb228..38fb419b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ CHANGELOG ========= -In Development --------------- +v0.48 (August 26, 2020) +----------------------- Security fixes: diff --git a/README.md b/README.md index 5ef58a29..d0caabd8 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ by him: $ curl -s https://keybase.io/joshdata/key.asc | gpg --import gpg: key C10BDD81: public key "Joshua Tauberer " imported - $ git verify-tag v0.47 + $ git verify-tag v0.48 gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Good signature from "Joshua Tauberer " gpg: WARNING: This key is not certified with a trusted signature! @@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this Checkout the tag corresponding to the most recent release: - $ git checkout v0.47 + $ git checkout v0.48 Begin the installation. diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index 098de977..debe572b 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then # want to display in status checks. if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then # This machine is running Ubuntu 18.04. - TAG=v0.47 + TAG=v0.48 elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then # This machine is running Ubuntu 14.04.