Opened 2 years ago

Closed 2 years ago

#11697 closed Task/To do item (fixed)

Roundcube upgrade

Reported by: https://id.mayfirst.org/srevilak Owned by: https://id.mayfirst.org/srevilak
Priority: Medium Component: Tech
Keywords: roundcube, stallman Cc:
Sensitive: no

Description

There's a new version of roundcube available. We should upgrade.

Date: Wed, 20 Apr 2016 22:13:28 +0200
From: Thomas Bruederli <thomas@roundcube.net>
To: Roundcube Announce List <announce@lists.roundcube.net>         
Subject: [Roundcube Announce] Published Updates 1.1.5 and 1.0.9
Message-ID: <CAO3naw4AjSGogqPNo2s+P3SLWTCrsAAfS5O-3Fxdx=vf2E-sVA@mail.gmail.com>

Dear subscribers

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes and helps protecting Roundcube against
more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks                      
integrated and version 1.0.9 comes with cherry-picked fixes from the
more recent version to ensure proper long term support.         

See the full changelog in the wiki [1] and the selection for 1.0.9 on
the release page [2].

Both versions are considered stable and we recommend to update all                          
productive installations of Roundcube with either one of these                              
versions. Download them from GitHub via
https://roundcube.net/download.

As usual, don’t forget to backup your data before updating!    

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
_______________________________________________
Roundcube Announcement mailing list
announce (AT) lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/announce

Change History (4)

comment:1 Changed 2 years ago by https://id.mayfirst.org/srevilak

  • Owner set to https://id.mayfirst.org/srevilak
  • Status changed from new to assigned

comment:2 Changed 2 years ago by https://id.mayfirst.org/srevilak

Code integration

git fetch gmo
git fetch origin
git merge 1.1.5

# check
git diff 1.1.5..HEAD

# No changes to composer configuration
0 sunny:roundcube$ git diff composer.json-dist composer.json
0 sunny:roundcube$ 

Changes in this release

0 sunny:roundcube$ git log --oneline --graph roundcube-1.1.4-mfpl1..HEAD
* 9a9b4a0 Merge tag '1.1.5' into mfpl-release-1.1
* 25bc871 Bump version to 1.1.5
* ead0846 Plugin API: Add html2text hook (backport from master)
* 8484100 Fix converting mail addresses with @www. into mailto links (#5197)
* c91d497 Make sure an email address is valid when replacing it with mailto: link
* d54eb6c CS fixes
* 55d90b2 mailbox/listing: Make server response for large mailbox listing faster when using threaded view
* e1ae200 Transliterate ticket IDs after migration to Github issues
* 473dc0b Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
* b99a1bc Use pear repository via secure channel
* 86bc1f9 Require Net_Socket >= 1.0.12 (because of timeout=0 bugfix)
* 2bfce1a Refer to Github issues instead of Trac
* 066b205 Refer to Github issues instead of Trac
* 7c04110 Fix so contactlist_fields option can be set via config file
* 4d3f055 Refactor desktop notifications
* 126d099 Fix PHP warning when defaults.inc.php is not readable
* 1600135 Update changelog
* 699af1e Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response
* b01689c Hide DSN option in Preferences when smtp_server is not used (#1490666)
* 7a73635 Fix unicode-awareness of Base64 encoding implementation in javascript
* 58c0384 Fix list row selection when provided uid is number not a string
* d66793f Fix missing emoticons on html-to-text conversion
* f915d15 Bring back additional_message_headers compatibility with Mail_Mime < 1.9
* c8023ac Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#1490657)
* 8d047c6 Plugin API: Added addressbook_export hook
* 3e55a2d Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)
* a2d5db0 Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#1490647)
* d3b98eb Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643)
* 4de4438 Fix regression where xml mode could be used to parse xhtml messages causing empty result
* 768e3e1 Improved SVG cleanup code
* 847c771 Refactor wash_attribs() - fix regressions
* 3e4b7cd Extend rcube_washtml with SVG support
* 7bbefdb Fix XSS issue in SVG images handling (#1490625)
* 3f6fbdc Fix random "access to this resource is secured against CSRF" message at logout (#1490641) - this is when openssl module is not installed
* db76c50 Update ticket number
* 8a53588 Make TLS method for IMAP parameterisable.
* f8911c2 Enable use of TLSv1.1 and TLSv1.2 for IMAP.
* fc5beff Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)

Continuing:

git tag -s roundcube-1.1.5-mfpl1

0 sunny:roundcube$ git tag -v roundcube-1.1.5-mfpl1
object 9a9b4a0f48577c9a7f6b7e7a1c4e31c9413c71ae
type commit
tag roundcube-1.1.5-mfpl1
tagger Steve Revilak <steve@...> 1462642065 -0400

MFPL tag for 1.1.5
gpg: Signature made Sat 07 May 2016 01:27:57 PM EDT
gpg:                using RSA key 0x3EB22DE4E594DCF2
gpg: Good signature from "Steve Revilak <steve@...>" [ultimate]
gpg:                 aka "Steve Revilak <srevilak@...>" [ultimate]

Pushing:

git push gmo
git push gmo --tags

roundcube.dev upgrade

0 roundcube-code@stallman:/srv/roundcube-dev$ git remote update
Fetching gmo
remote: Counting objects: 355, done.
remote: Compressing objects: 100% (92/92), done.
remote: Total 278 (delta 196), reused 267 (delta 185)
Receiving objects: 100% (278/278), 72.94 KiB | 0 bytes/s, done.
Resolving deltas: 100% (196/196), completed with 72 local objects.
From git://git.mayfirst.org/mfpl/roundcube
   8371aac..9a9b4a0  mfpl-release-1.1 -> gmo/mfpl-release-1.1
 * [new tag]         roundcube-1.1.5-mfpl1 -> roundcube-1.1.5-mfpl1
 * [new tag]         1.1.5      -> 1.1.5

0 roundcube-code@stallman:/srv/roundcube-dev$ git tag -v roundcube-1.1.5-mfpl1
object 9a9b4a0f48577c9a7f6b7e7a1c4e31c9413c71ae
type commit
tag roundcube-1.1.5-mfpl1
tagger Steve Revilak <steve@...> 1462642065 -0400

MFPL tag for 1.1.5
gpg: Signature made Sat 07 May 2016 01:27:57 PM EDT
gpg:                using RSA key 0x3EB22DE4E594DCF2
gpg: Good signature from "Steve Revilak <steve@...>"
gpg:                 aka "Steve Revilak <srevilak@...>"


0 roundcube-code@stallman:/srv/roundcube-dev$ git status -v
HEAD detached at roundcube-1.1.4-mfpl1
nothing to commit, working directory clean
0 roundcube-code@stallman:/srv/roundcube-dev$ git checkout roundcube-1.1.5-mfpl1
Previous HEAD position was 8371aac... composer.phar => 72cd6afdfce16f36a9fd786bc1b2f32b851e764f
HEAD is now at 9a9b4a0... Merge tag '1.1.5' into mfpl-release-1.1


# composer.json didn't change, so I'm not going to worry
# about the dependencies.
#
0 roundcube-dev@stallman:/srv/roundcube-dev$ php bin/update.sh 
What version are you upgrading from? Type '?' if you don't know.
?
Executing database schema update.
WARNING: unable to update composer.json!
Please replace the 'require' section in your composer.json with the following:
    "require": {
        "php": ">=5.3.7",
        "roundcube/plugin-installer": "~0.1.6",
        "pear-pear.php.net/auth_sasl": "~1.0.6",
        "pear-pear.php.net/net_idna2": "~0.1.1",
        "pear-pear.php.net/net_sieve": "~1.3.4",
        "pear-pear.php.net/mail_mime": "~1.9.0",
        "pear-pear.php.net/net_smtp": "~1.7.1",
        "patchwork/utf8": "~1.2.3",
        "pear-pear.php.net/net_socket": "~1.0.12"
    }

NOTE: Update dependencies by running `php composer.phar update --no-dev`
This instance of Roundcube is up-to-date.
Have fun!


0 roundcube-dev@stallman:/srv/roundcube-dev$ php bin/indexcontacts.sh 
Indexing contacts for user 1...done.
Indexing contacts for user 2...done.

Tested by reading messages, saving drafts, sending messages. Looks okay so far.

Last edited 2 years ago by https://id.mayfirst.org/srevilak (previous) (diff)

comment:3 Changed 2 years ago by https://id.mayfirst.org/srevilak

roundcube.mayfirst.org

0 roundcube-code@stallman:/srv/roundcube$ git tag -v roundcube-1.1.5-mfpl1
object 9a9b4a0f48577c9a7f6b7e7a1c4e31c9413c71ae
type commit
tag roundcube-1.1.5-mfpl1
tagger Steve Revilak <steve@...> 1462642065 -0400

MFPL tag for 1.1.5
gpg: Signature made Sat 07 May 2016 01:27:57 PM EDT
gpg:                using RSA key 0x3EB22DE4E594DCF2
gpg: Good signature from "Steve Revilak <steve@...>"
gpg:                 aka "Steve Revilak <srevilak@...>"

0 roundcube-code@stallman:/srv/roundcube$ git checkout roundcube-1.1.5-mfpl1
Previous HEAD position was 8371aac... composer.phar => 72cd6afdfce16f36a9fd786bc1b2f32b851e764f
HEAD is now at 9a9b4a0... Merge tag '1.1.5' into mfpl-release-1.1

0 roundcube@stallman:~$ cd /srv/roundcube
0 roundcube@stallman:/srv/roundcube$ php bin/update.sh 
What version are you upgrading from? Type '?' if you don't know.
?
Executing database schema update.
WARNING: unable to update composer.json!
Please replace the 'require' section in your composer.json with the following:
    "require": {
        "php": ">=5.3.7",
        "roundcube/plugin-installer": "~0.1.6",
        "pear-pear.php.net/auth_sasl": "~1.0.6",
        "pear-pear.php.net/net_idna2": "~0.1.1",
        "pear-pear.php.net/net_sieve": "~1.3.4",
        "pear-pear.php.net/mail_mime": "~1.9.0",
        "pear-pear.php.net/net_smtp": "~1.7.1",
        "patchwork/utf8": "~1.2.3",
        "pear-pear.php.net/net_socket": "~1.0.12"
    }

NOTE: Update dependencies by running `php composer.phar update --no-dev`
This instance of Roundcube is up-to-date.
Have fun!


0 roundcube@stallman:/srv/roundcube$ php bin/gc.sh

0 roundcube@stallman:/srv/roundcube$ php bin/indexcontacts.sh 
Indexing contacts for user 1...done.
Indexing contacts for user 2...done.
Indexing contacts for user 3...done.
 ...


0 stallman:~# sv stop roundcube
ok: down: roundcube: 0s, normally up
0 stallman:~# sv start roundcube
ok: run: roundcube: (pid 26412) 0s

comment:4 Changed 2 years ago by https://id.mayfirst.org/srevilak

  • Resolution set to fixed
  • Status changed from assigned to closed

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.