1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00
Roundcube XSS vulnerability fixed.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9GpkcPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BoYAH/2NjdfN2d6f45uPq/X32bBAc6wfI7Cs9yCKp
 LOrAfPlmE0jRSm9ThATfZvaWci2r2IFhsFzQ9bWHpbIP5YD7mDD50I2uTnZa9BV4
 MsI40VXoh0BAgkWRqK60rTw0lQ9YGT+1TNLDEs1Y7vBjfTCOh4MMn4jUXkIEHDQg
 2pSHY1RUq7T0wRaHS+rTPDccotS/xCGg6uZJ+gSlvhRdxakAe9mo8139KD/4fjT8
 HK6igpwHsn3POg7mmJoSYXtScmWRYfnSV9kyfYyVyjhu5/uIowdICwFOzX7G7ruM
 yA/azBlyMs898e5jYFR1tQqQ1rVYVy/nqCQOiyJa34ngHGSi41U=
 =a9fn
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9G3ZEACgkQLzJ3OKPA
 rjpEvQ//cG844Wv3samnABlRv2ZIjg6OXtjsE9OuN/O2exGhJ7wNhlJ5F3VyXP5Z
 Tufm2HNc3sg9lQUVmyvFbSx03f/tgRdykH2HDS55Q3Q9YdpmZJBGlqsoMN/GIfjU
 PDcLpN30XBt6S8qB/7d/U37ZW69OuFZLDRlwQZ66N/shxXkZSOp9U/9nH1Vf5OEU
 /L5RVtsi/baDnauXDJWpyNsLKKEB4jCrlEiVI437cN2Yr3Y/d1u4pf3zQOEQmAGV
 /A6fu2a9Kkc7IvcAKeoIvlyt+2gYw1zUDkBHf+LuSXGkxTt07L9Bjc7I6SY3DGo2
 QiEVOMDPiKWl+0UQ73w/lwCUS7FbzaG/Mj2+c1pJ85UaZYbU5ovjJLesk+UPIG8Q
 LmVCAHTw6QctZZi0BwP5epPk01zbeSBmRosT6b4l95G2sqh91CMNUjNRc7963yzB
 Z36hpaWSqpGKyEjma9XFvGi9Tfkg1JxblLjmPVqbyez7bpAMgSw5FBWU1zjxjOmi
 XOvGu/Fdu+gCre6IHfl8nTJNRc27UtJWTZjbQVl1OlbRx/h2QS/tKMpgN9VOrSV5
 koi4TuX+T4kSE2S+atzlPOQuDIOHfdlxaU2mlwtqVfHBjlwE7FEcdfIGa5Pl6Blj
 fFsDI7T6VGw2zup40vk/tRn5GY2KCPdp6rHhuCMA1PY6gerhhLw=
 =3X2X
 -----END PGP SIGNATURE-----

Merge upstream v0.48
This commit is contained in:
David Ferreira de Sousa Duque 2020-08-26 23:09:14 +01:00
commit d7d3561768
3 changed files with 11 additions and 4 deletions

View File

@ -1,6 +1,13 @@
CHANGELOG
=========
v0.48 (August 26, 2020)
-----------------------
Security fixes:
* Roundcube is updated to version 1.4.8 fixing additional cross-site scripting (XSS) vulnerabilities.
v0.47 (July 29, 2020)
---------------------

View File

@ -146,7 +146,7 @@ by him:
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.47
$ git verify-tag v0.48
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
@ -159,7 +159,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
Checkout the tag corresponding to the most recent release:
$ git checkout v0.47
$ git checkout v0.48
Begin the installation.

View File

@ -28,8 +28,8 @@ apt_install \
# Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of plugins to track
# whether we have the latest version of everything.
VERSION=1.4.7
HASH=49F194D25AC7B9BF175BD52285BB61CDE7BAED44
VERSION=1.4.8
HASH=3a6824fd68fef2e0d24f186cfbee5c6f9d6edbe9
PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
CARDDAV_VERSION=3.0.3