mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
Update Roundcube to protect against CVE-2017-16651
See https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10. merges #1287
This commit is contained in:
parent
544f155948
commit
2bbbc9dfa3
@ -4,6 +4,12 @@ CHANGELOG
|
||||
In Development
|
||||
--------------
|
||||
|
||||
This update is a security update addressing [CVE-2017-16651, a vulnerability in Roundcube webmail that allows logged-in users to access files on the local filesystem](https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10).
|
||||
|
||||
Mail:
|
||||
|
||||
* Update to Roundcube 1.3.3.
|
||||
|
||||
Control Panel:
|
||||
|
||||
* Fix DNS validation to allow wildcard custom DNS entries to be set.
|
||||
|
@ -36,8 +36,8 @@ apt-get purge -qq -y roundcube* #NODOC
|
||||
# Install Roundcube from source if it is not already present or if it is out of date.
|
||||
# Combine the Roundcube version number with the commit hash of plugins to track
|
||||
# whether we have the latest version of everything.
|
||||
VERSION=1.3.1
|
||||
HASH=d680f2914a0bff5314d8dda618d55937a13d1c5f
|
||||
VERSION=1.3.3
|
||||
HASH=903a4eb1bfc25e9a08d782a7f98502cddfa579de
|
||||
PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76
|
||||
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
|
||||
CARDDAV_VERSION=2.0.4
|
||||
|
Loading…
Reference in New Issue
Block a user