@thomascube thomascube released this Nov 28, 2016 · 2147 commits to master since this release

Assets 8

This is the third service release to update the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch. A detailed list of changes is shown below. Included is a fix for a recently reported security issue when using PHP's mail() function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be published shortly.

It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!


  • Fix vulnerability in handling of mail()'s 5th argument
  • Searching in both contacts and groups when LDAP addressbook with group_filters option is used
  • Fix To: header encoding in mail sent with mail() method (#5475)
  • Fix flickering of header top-line in min-mode (#5426)
  • Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
  • Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
  • Fix regression where creation of default folders wasn't functioning without prefix (#5460)
  • Enigma: Fix bug where last records on keys list were hidden (#5461)
  • Enigma: Fix key search with keyword containing non-ascii characters (#5459)
  • Fix bug where deleting folders with subfolders could fail in some cases (#5466)
  • Fix bug where IMAP password could be exposed via error message (#5472)
  • Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc,
    Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
  • Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
  • Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
  • Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
  • Fix displaying attached images with wrong Content-Type specified (#5527)