Thomas Bruederli | 22 May 20:30 2016

[RCD] Roundcube Webmail 1.2.0 released

Dear subscribers

Today we proudly announce the stable version 1.2.0 of Roundcube
Webmail which is now available for download. It introduces new
features since version 1.1 covering security and PGP encryption

- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with pre-defined date interval
- Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

There wasn't much feedback on the 1.2-beta version and the release
candidate which we consider a good sign. Some cleanup and
stabilization of the Enigma plugin just happened for the now stable

As already announced with the 1.2-beta release [1], PGP encryption
comes in two flavors: client-side using the Mailvelope browser
extension and server-side with the Enigma plugin using GnuPG on the

Support with the Mailvelope browser plugin comes out of the box and is
automatically enabled if the Mailvelope API is detected in a user’s
browser. The Mailvelope documentation [2] explains how to enable it
for your site.

(Continue reading)

Kyle Francis | 19 May 01:31 2016

[RCD] Enigma S/MIME support

So I'm trying to wrap up implementing S/MIME support in the Enigma plugin. I've got cert import (from .p12) implemented, as well as verifying and decrypting working. Certs show up in the Settings menu as well with basic info.

For signing and encrypting openssl_pkcs7_sign/encrypt return fully encoded text files that are ready to be sent by a mail agent, whereas the message_ready hook is looking for a Mail_mime object. 

What would be the recommended course, either parse the file to create a Mail_mime object, or would there be a way to pass along the fully mail agent ready text from opening_pkcs7?


Roundcube Development discussion mailing list
dev <at>
Zhang Huangbin | 27 Apr 02:12 2016

[RCD] Please restore upgrade tutorial

Dear developers,

Could you please help restore the Roundcube upgrade tutorial? Old link is:

But i cannot find it in github repo. It's very important to sysadmins who need to upgrade. Thanks.

Zhang Huangbin, founder of iRedMail project:
Time zone: GMT+8 (China/Beijing).

Roundcube Development discussion mailing list
dev <at>

Brendan | 25 Apr 20:00 2016

[RCD] bug: html spellcheck on send

in roundcube-1.1.4 (and almost certainly other versions), we have
noticed the following behavior (using the enchant spell engine):

if you have a link (ie, {a href=""}Happy{/a} - brackets
changed so no one's email client interprets them as a link) in an html
email, the behavior of using the spellcheck button is different than
when you go to send the email (and are configured to check spelling upon

with the spellcheck button the client only passes the plain text through
to the spellcheck engine, ie:


when sending, the client sends the full html and before being passed to
the spellcheck engine it gets converted into text email content, ie:

Happy [1]


the enchant spell engine then throws errors on "http" and "",
both of which it really ought to be ignoring.

i see two different solutions:

1) in program/lib/Roundcube/rcube_spellchecker.php function check(),
  $this->content = $this->html2text($text);
  $this->content = strip_tags($text);

2) in program/lib/Roundcube/rcube_spellchecker_enchant.php (and
rcube_spellchecker_pspell.php, etc) function check(), add in a regex to
strip out lines matching /^\[\d+\] http:\/\/.*/ prior to tokenizing the

#1 seems cleaner, but i'm not sure if there is a reason we need to use
html2text there. does anyone from kolab have any input on the preferred
way to deal with this?
Roundcube Development discussion mailing list
dev <at>

Thomas Bruederli | 20 Apr 22:13 2016

[RCD] Published Updates 1.1.5 and 1.0.9

Dear subscribers

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes and helps protecting Roundcube against
more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks
integrated and version 1.0.9 comes with cherry-picked fixes from the
more recent version to ensure proper long term support.

See the full changelog in the wiki [1] and the selection for 1.0.9 on
the release page [2].

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either one of these
versions. Download them from GitHub via

As usual, don’t forget to backup your data before updating!


Roundcube Development discussion mailing list
dev <at>
Thomas Bruederli | 13 Apr 21:59 2016

[RCD] Release candidate for 1.2 out now

Hello folks

Roundcube 1.2 is pretty much complete and after adding some
last-minute improvements we just published a release candidate to give
it another round of testing before we slap the 'stable' tag on it. We
hereby invite you all to test the release candidate and report
remaining bugs to our issue tracker.

The most important features we added in 1.2 are:

* PHP7 compatibility
* PGP encryption in two flavours
* Improved security measures to protect from brute-force and CSRF attacks

See the full Changelog in our wiki:

Download the packages or the signed source directly from Github:

Please note that we recommend to test it on a separate environment.
And don't forget to backup your data before installing it.

Another note: with the upcoming stable release of 1.2.0 the old 1.0.x
and the 1.1.x series will only receive important security fixes.
Updates to these two branches are to be released soon. So stay tuned!

Roundcube Development discussion mailing list
dev <at>

Brendan | 30 Mar 18:39 2016

[RCD] rc next: ember broccoli error

has anyone encountered this error before? just trying to get things set
up for the first time, everything was installed from scratch and latest

brendan <at> xps:~/rcube/roundcube-shell$ export
JMAP_HOST= && STYLEGUIDE=true && ember server
version: 1.13.12
BroccoliMergeTrees: Expected Broccoli node, got undefined for inputNodes[0]
TypeError: BroccoliMergeTrees: Expected Broccoli node, got undefined for
    at BroccoliMergeTrees.Plugin
    at new BroccoliMergeTrees
    at BroccoliMergeTrees
    at Class.module.exports.treeForVendor
    at Class._treeFor
    at Class.treeFor
    at (native)
    at EmberApp.addonTreesFor
    at EmberApp._processedVendorTree
Roundcube Development discussion mailing list
dev <at>

Maureen Electa Monte | 30 Mar 00:36 2016

[RCD] Can you please build a roundcube mail app for Android?

I had an app that wasn't by you that didn't work very well. I read that I'm supposed to use the browser and the user interface is impossible to navigate once I log in. 

Are there options you recommend for people like me who want to use my smart phone to access my email? 

Please advise, and thank you very much for your time. 


Maureen Electa Monte Success Architect | Building Winning Teams Ideation ~ Strategic ~ Learner ~ Achiever ~ Individualization ~ Maximizer c) 248.821.6821 Learn about Strengths-Based Success at
Roundcube Development discussion mailing list
dev <at>
Kyle Francis | 24 Mar 22:07 2016

[RCD] Enigma S/MIME support


Thanks for helping me get up and running with the enigma plugin and for 
pointing me to the previously existing work on an SMIME plugin.

For those of you who don't know and are interested, I'm a Master's 
Candidate and I'm implementing S/MIME in the enigma plugin for an 
independent study this semester.

So far I have implemented the following features:

- Import PKCS#12 certificate store (password protected)
    - Pub cert, priv key, any additional certs contained in the store 
treated as CA certs.
    - create a hashed directory of CA certs
- Verify S/MIME signatures (pkcs7-signatures .p7s)
- Decrypt S/MIME encrypted emails
   - Decrypt and verify signed then encrypted emails

Features that are not yet complete:

- Encrypt only outgoing
    - Add menu option to Compose Window
- Sign only outgoing (clear signing)
    - Add menu option to Compose window
- Encrypt then Sign
- Sign then Encrypt
- List certs/details from settings view
- Verify pkcs7-mime (.p7m) signed emails
- Generate CSR
- Handle CRL's (.p7c)

Modifications are available at in 
a branch called enigma-smime-dev.



Kyle Francis
M.S.IT Candidate
Rensselaer Polytechnic Institute
Email - franck6 <at>
         kyle <at>
Roundcube Development discussion mailing list
dev <at>

Thomas Bruederli | 20 Mar 23:27 2016

[RCD] Trac platform migrated to Github

Dear subscribers

After many ups and downs with our Trac platform which hosted our wiki
and the ticket system for years now, we finally migrated the data over
to Github where we already host the git repositories. Therefore,

  on March 25th 2016 the site will be shut down

Starting today, the site is in read-only mode meaning that user logins
and ticket reporting have been disabled already.

This means that submitting new tickets now goes through Github and so
does the roadmap planning and overview. The entry point for that is
our Github project page at

Today we just migrated 4.8K tickets from the Trac database to Github
issues [1], leaving the invalid and duplicate ones behind.
Unfortunately the ticket numbers could not be kept and have all been
re-assigned. The original trac ticket numbers are mentioned in the
migrated issue body and can be used for searching. We'll also install
a redirect service which will translate old Trac urls to the
corresponding issue pages.

The wiki will also be translated into Github markdown pages. There's
some manual reviewing involved in order to update or remove outdated
information during this process. Please give us some more days to
complete that task.

Thank you for your understanding and see you on Github


Roundcube Development discussion mailing list
dev <at>

Pascal Nobus | 14 Mar 12:34 2016

[RCD] bug in CC-input-field 1.1.4

If you type this in the CC-input field:
"Your Name (your <at>" <your <at>>
you will endup with a bounce.

It seems roundcube is seeing the values between the " as an emailadress.

Reprodruce this error:

Typ in the CC-field:
"Your Name (your <at>" <your <at>>

And you'll get an error about

I tried to put this in the TRAC-system, but couldn't create a login.

Best regards,
Pascal Nobus
Roundcube Development discussion mailing list
dev <at>