Roundcube Webmail 1.2.5

@thomascube thomascube released this Apr 28, 2017 · 1975 commits to master since this release

This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below.

It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!


  • Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]
  • Fix re-positioning of the fixed header of messages list in Chrome when using minimal mode toggle and About dialog (#5711)
  • Fix so settings/ could not be used by plugins (#5694)
  • Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
  • Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
  • Fix bug where base_dn setting was ignored inside group_filters (#5720)