Thomas Bruederli | 22 May 20:30 2016
Picon
Gravatar

[RCD] Roundcube Webmail 1.2.0 released

Dear subscribers

Today we proudly announce the stable version 1.2.0 of Roundcube
Webmail which is now available for download. It introduces new
features since version 1.1 covering security and PGP encryption
topics:

- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with pre-defined date interval
- Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

There wasn't much feedback on the 1.2-beta version and the release
candidate which we consider a good sign. Some cleanup and
stabilization of the Enigma plugin just happened for the now stable
version.

As already announced with the 1.2-beta release [1], PGP encryption
comes in two flavors: client-side using the Mailvelope browser
extension and server-side with the Enigma plugin using GnuPG on the
server.

Support with the Mailvelope browser plugin comes out of the box and is
automatically enabled if the Mailvelope API is detected in a user’s
browser. The Mailvelope documentation [2] explains how to enable it
for your site.

(Continue reading)

Kyle Francis | 19 May 01:31 2016
Picon

[RCD] Enigma S/MIME support

So I'm trying to wrap up implementing S/MIME support in the Enigma plugin. I've got cert import (from .p12) implemented, as well as verifying and decrypting working. Certs show up in the Settings menu as well with basic info.

For signing and encrypting openssl_pkcs7_sign/encrypt return fully encoded text files that are ready to be sent by a mail agent, whereas the message_ready hook is looking for a Mail_mime object. 

What would be the recommended course, either parse the file to create a Mail_mime object, or would there be a way to pass along the fully mail agent ready text from opening_pkcs7?

Kyle

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Zhang Huangbin | 27 Apr 02:12 2016

[RCD] Please restore upgrade tutorial

Dear developers,

Could you please help restore the Roundcube upgrade tutorial? Old link is:
http://trac.roundcube.net/wiki/Howto_Upgrade

But i cannot find it in github repo. It's very important to sysadmins who need to upgrade. Thanks.

----
Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Brendan | 25 Apr 20:00 2016

[RCD] bug: html spellcheck on send

in roundcube-1.1.4 (and almost certainly other versions), we have
noticed the following behavior (using the enchant spell engine):

if you have a link (ie, {a href="http://blhblh.com"}Happy{/a} - brackets
changed so no one's email client interprets them as a link) in an html
email, the behavior of using the spellcheck button is different than
when you go to send the email (and are configured to check spelling upon
send).

with the spellcheck button the client only passes the plain text through
to the spellcheck engine, ie:

Happy

when sending, the client sends the full html and before being passed to
the spellcheck engine it gets converted into text email content, ie:

Happy [1]

Links:
------
[1] http://blhblh.com

the enchant spell engine then throws errors on "http" and "blhblh.com",
both of which it really ought to be ignoring.

i see two different solutions:

1) in program/lib/Roundcube/rcube_spellchecker.php function check(),
replace:
  $this->content = $this->html2text($text);
with:
  $this->content = strip_tags($text);

2) in program/lib/Roundcube/rcube_spellchecker_enchant.php (and
rcube_spellchecker_pspell.php, etc) function check(), add in a regex to
strip out lines matching /^\[\d+\] http:\/\/.*/ prior to tokenizing the
text.

#1 seems cleaner, but i'm not sure if there is a reason we need to use
html2text there. does anyone from kolab have any input on the preferred
way to deal with this?
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Thomas Bruederli | 20 Apr 22:13 2016
Picon
Gravatar

[RCD] Published Updates 1.1.5 and 1.0.9

Dear subscribers

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes and helps protecting Roundcube against
more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks
integrated and version 1.0.9 comes with cherry-picked fixes from the
more recent version to ensure proper long term support.

See the full changelog in the wiki [1] and the selection for 1.0.9 on
the release page [2].

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either one of these
versions. Download them from GitHub via
https://roundcube.net/download.

As usual, don’t forget to backup your data before updating!

Best,
Thomas

[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Thomas Bruederli | 13 Apr 21:59 2016
Picon
Gravatar

[RCD] Release candidate for 1.2 out now

Hello folks

Roundcube 1.2 is pretty much complete and after adding some
last-minute improvements we just published a release candidate to give
it another round of testing before we slap the 'stable' tag on it. We
hereby invite you all to test the release candidate and report
remaining bugs to our issue tracker.

The most important features we added in 1.2 are:

* PHP7 compatibility
* PGP encryption in two flavours
* Improved security measures to protect from brute-force and CSRF attacks

See the full Changelog in our wiki:
https://github.com/roundcube/roundcubemail/wiki/Changelog

Download the packages or the signed source directly from Github:
https://github.com/roundcube/roundcubemail/releases/tag/1.2-rc

Please note that we recommend to test it on a separate environment.
And don't forget to backup your data before installing it.

Another note: with the upcoming stable release of 1.2.0 the old 1.0.x
and the 1.1.x series will only receive important security fixes.
Updates to these two branches are to be released soon. So stay tuned!

Best,
Thomas
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Brendan | 30 Mar 18:39 2016

[RCD] rc next: ember broccoli error

has anyone encountered this error before? just trying to get things set
up for the first time, everything was installed from scratch and latest
versions.

brendan <at> xps:~/rcube/roundcube-shell$ export
JMAP_HOST=http://127.0.0.1:8080 && STYLEGUIDE=true && ember server
version: 1.13.12
BroccoliMergeTrees: Expected Broccoli node, got undefined for inputNodes[0]
TypeError: BroccoliMergeTrees: Expected Broccoli node, got undefined for
inputNodes[0]
    at BroccoliMergeTrees.Plugin
(/home/brendan/rcube/roundcube-shell/node_modules/broccoli-plugin/index.js:23:13)
    at new BroccoliMergeTrees
(/home/brendan/rcube/roundcube-shell/node_modules/broccoli-merge-trees/index.js:29:10)
    at BroccoliMergeTrees
(/home/brendan/rcube/roundcube-shell/node_modules/broccoli-merge-trees/index.js:23:53)
    at Class.module.exports.treeForVendor
(/home/brendan/rcube/roundcube-shell/node_modules/roundcube-mail/index.js:28:12)
    at Class._treeFor
(/home/brendan/rcube/roundcube-shell/node_modules/ember-cli/lib/models/addon.js:319:31)
    at Class.treeFor
(/home/brendan/rcube/roundcube-shell/node_modules/ember-cli/lib/models/addon.js:289:19)
    at
/home/brendan/rcube/roundcube-shell/node_modules/ember-cli/lib/broccoli/ember-app.js:369:20
    at Array.map (native)
    at EmberApp.addonTreesFor
(/home/brendan/rcube/roundcube-shell/node_modules/ember-cli/lib/broccoli/ember-app.js:367:30)
    at EmberApp._processedVendorTree
(/home/brendan/rcube/roundcube-shell/node_modules/ember-cli/lib/broccoli/ember-app.js:796:29)
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Maureen Electa Monte | 30 Mar 00:36 2016

[RCD] Can you please build a roundcube mail app for Android?

I had an app that wasn't by you that didn't work very well. I read that I'm supposed to use the browser and the user interface is impossible to navigate once I log in. 

Are there options you recommend for people like me who want to use my smart phone to access my email? 

Please advise, and thank you very much for your time. 

 

--
Maureen Electa Monte Success Architect | Building Winning Teams Ideation ~ Strategic ~ Learner ~ Achiever ~ Individualization ~ Maximizer c) 248.821.6821 Learn about Strengths-Based Success at www.maureenmonte.com
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Kyle Francis | 24 Mar 22:07 2016
Picon

[RCD] Enigma S/MIME support

Alec,

Thanks for helping me get up and running with the enigma plugin and for 
pointing me to the previously existing work on an SMIME plugin.

For those of you who don't know and are interested, I'm a Master's 
Candidate and I'm implementing S/MIME in the enigma plugin for an 
independent study this semester.

So far I have implemented the following features:

- Import PKCS#12 certificate store (password protected)
    - Pub cert, priv key, any additional certs contained in the store 
treated as CA certs.
    - create a hashed directory of CA certs
- Verify S/MIME signatures (pkcs7-signatures .p7s)
- Decrypt S/MIME encrypted emails
   - Decrypt and verify signed then encrypted emails

Features that are not yet complete:

- Encrypt only outgoing
    - Add menu option to Compose Window
- Sign only outgoing (clear signing)
    - Add menu option to Compose window
- Encrypt then Sign
- Sign then Encrypt
- List certs/details from settings view
- Verify pkcs7-mime (.p7m) signed emails
- Generate CSR
- Handle CRL's (.p7c)

Modifications are available at github.com/guitarmanusa/roundcubemail in 
a branch called enigma-smime-dev.

--

-- 

Kyle Francis
M.S.IT Candidate
Rensselaer Polytechnic Institute
Email - franck6 <at> rpi.edu
         kyle <at> linuxtoolbox.ninja
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Thomas Bruederli | 20 Mar 23:27 2016
Picon
Gravatar

[RCD] Trac platform migrated to Github

Dear subscribers

After many ups and downs with our Trac platform which hosted our wiki
and the ticket system for years now, we finally migrated the data over
to Github where we already host the git repositories. Therefore,

  on March 25th 2016 the trac.roundcube.net site will be shut down

Starting today, the site is in read-only mode meaning that user logins
and ticket reporting have been disabled already.

This means that submitting new tickets now goes through Github and so
does the roadmap planning and overview. The entry point for that is
our Github project page at https://github.com/roundcube/roundcubemail

Today we just migrated 4.8K tickets from the Trac database to Github
issues [1], leaving the invalid and duplicate ones behind.
Unfortunately the ticket numbers could not be kept and have all been
re-assigned. The original trac ticket numbers are mentioned in the
migrated issue body and can be used for searching. We'll also install
a redirect service which will translate old Trac urls to the
corresponding issue pages.

The wiki will also be translated into Github markdown pages. There's
some manual reviewing involved in order to update or remove outdated
information during this process. Please give us some more days to
complete that task.

Thank you for your understanding and see you on Github

Best,
Thomas

[1] https://github.com/roundcube/roundcubemail/issues
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Pascal Nobus | 14 Mar 12:34 2016
Picon

[RCD] bug in CC-input-field 1.1.4

If you type this in the CC-input field:
"Your Name (your <at> email.com)" <your <at> email.com>
you will endup with a bounce.

It seems roundcube is seeing the values between the " as an emailadress.

Reprodruce this error:

Typ in the CC-field:
"Your Name (your <at> email1.com)" <your <at> email2.com>

And you'll get an error about email1.com

P.S.
I tried to put this in the TRAC-system, but couldn't create a login.

Best regards,
Pascal Nobus
--
www.webservice.be
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev


Gmane