Skip to content

@thomascube thomascube released this Jul 27, 2018 · 1767 commits to master since this release

This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix mitigating the EFAIL issue recently discovered in OpenPGP. See the complete changelog below.

This version in considered stable and we recommend to update all productive installations
of Roundcube with it. Please do backup your data before updating!


  • Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
  • Fix bug where some parts of quota information could have been ignored (#6280)
  • Fix bug where some escape sequences in html styles could bypass security checks
  • Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
  • Fix bug where only attachments with the same name would be ignored on zip download (#6301)
  • Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
  • Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
  • Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
  • Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
Assets 8
You can’t perform that action at this time.