Roundcube Webmail instances attackable with malicious code

In the current versions, the developers of Roundcube Webmail have closed several security vulnerabilities.

heise online
#roundcube #linux If you host Roundcube Mail yourself: please do not migrate from 1.6.x to 1.7.x without checking first. It can go wrong, because version 1.7 requires new structures in the web server and PHP from version 8.5 on. And migrating back is difficult, because the database schema is changed during the upgrade.

🚀 How to Install #Roundcube on Rocky Linux #VPS (5 Minute Quick-Start Guide)

This article explains how to install Roundcube on Rocky Linux VPS.
What is Roundcube?
Roundcube is a free, open-source webmail application—a browser-based email client you host on your own server. It provides a modern, Gmail-like UI on top of your existing IMAP/SMTP mail server (e.g., ...
Continued 👉 https://blog.radwebhosting.com/install-roundcube-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #apache #phpfpm #mariadb #certbot #rockylinux #selfhosting #letsencrypt #selfhosted

The changes in #Roundcube also mean that versions >= 1.7 will probably stop working on simple shared hosting services in the future which only provide the htdocs folder to the user. It might already be permanently broken on shared hosting services that use #NGINX.

TIL: Was wondering why #Roundcube broke when moving from version 1.6 to 1.7.

Turns out that the core maintainer introduced a "static.php" that now serves all static files because he was unhappy that people didn't use the "public_html/" folder to serve content.

That means that the retrieval of each and every single static file now needs a PHP process. The script is already collecting workarounds left and right. What utter bullshit.

https://github.com/roundcube/roundcubemail/pull/9294

Add static files server by alecpl · Pull Request #9294 · roundcube/roundcubemail

In an attempt to improve an overall security of Roundcube installation related to the fact that people aren't using our public_html folder, I prepared an initial implementation of a static file...

GitHub
Security updates 1.6.16 and 1.7.1 released

Free and open source webmail software for the masses, written in PHP

New Version: #Roundcube 1.7.1 (stable;All) http://roundcube.net/download
Roundcube Webmail Downloads


Apparently #RoundCube is REALLY concerned about security, and that's why it's got this new "route ALL static resources through PHP" thing going on.

Also in RoundCube: My CSP policy is complaining because I've not included `unsafe-eval` 😑

Apparently RoundCube webmail now has "mandatory public_html/ entry point" and I'm trying to work out what that means and how to work with it.

I run a VPS. I don't bother with `public_html` for everything. Every website has its directory that is for the public HTML. I don't need a per-site directory _and_ a public_html directory.

But apparently the upgrade might break my system for a while until I work out the change of config required 🙄

#RoundCube #Webmail

Roundcube - Free and Open Source Webmail Software
