
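Roundcubemail official site security update (2021-10-18)

Source: Roundcubemail official site  Published: 2021-10-18

Basic information

Release date: 2021-10-18 (vendor local time)

Update type: Security update

Updated version: 1.5.0

Detected at: 2021-10-19 04:10:07

Risk level: Unknown

Intelligence contributed by: TSRC

Update title

Security update

Update details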

This is the stable release of the next major version of Roundcube webmail.
With this milestone we introduce new features and full PHP 8.0 support.
The most noteworthy additions are:

* Dark mode for Elastic skin
* OAuth2/XOauth support (with plugin hooks)
* Collected recipients and trusted senders
* Moving recipients between inputs with drag & drop
* Full unicode support with MySQL database
* Support of IMAP LITERAL- extension [RFC 7888]
* Support of RFC 2231 encoded names
* Cache refactoring

See the full changelog below.

We also disabled the spell checking feature using spell.roundcube.net by default because some privacy concerns were raised. It now needs to be enabled explicitly by setting the `enable_spellcheck` config option to true.

In case you're running Roundcube directly from source or if you're not using the complete package, you need to install 3rd party javascript modules using the `bin/install-jsdeps.sh` script. In the 1.5.x series the toolchain required to build a functional package has changed a bit:

* `bin/jsshrink.sh`: replaced `google-closure-compiler` with UglifyJS
* `bin/cssshrink.sh`: replaced `yuicompressor` with `csso`
* Elastic theme: require `lessc` >= 2.5.2 (and add support for v4) with `less-plugin-clean-css`

This release is considered stable and we encourage you to update your productive installations after carefully testing the upgrade scenario.

With the release of Roundcube 1.5.0, the previous stable release branches 1.4.x and 1.3.x will change into LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvement updates. The 1.2.x series is no longer supported and maintained.

## CHANGELOG (since 1.5-rc)

- Support displaying RTF content (including encapsulated HTML) from a TNEF attachment
- Disable the default spellchecker option using spell.roundcube.net (#8182)
- Newmail_notifier: Improved the notification sound (#8155)
- Fix size of Mailvelope iframe for PGP-inlined mail, again (#8126)
- Fix handling of group names with @ character in autocomplete and contacts widget (#8098)
- Fix Firefox infinite loading display on mail screen (#8128)
- Fix converting >1MB of HTML content into plain text (#8137)
- Fix bug where expanding a group in the recipient input could corrupt the input content (#7569)
- Fix fatal error/warning on invalid input to user parameter (#8152)
- Fix changing password with dovecot_passwdfile driver (#8145)
- Fix handling of headers that occur multiple times by show_additional_headers plugin (#8157)
- Fix bug where vertical scrollbar in new HTML message bounced back on scroll (#8046)
- Fix displaying inline images with incorrectly declared content-type (#8158)
- Fix so addr-spec with missing closing angle bracket can be parsed (#8164)
- Fix handling of spellcheck connection errors (#8172)
- Fix a couple of PHP8 warnings (#8175, #8176)
- Fix bug where "from my contacts" and "from trusted senders" values were mixed up (#8177)
- Fix password/token length check on OAuth login (#8178)
- Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193)
- Fix SQL injection via some session variables
- Fix handling of dark_mode_support:false setting in skins meta.json (#8186)
- Fix security issues regarding server name and trusted_host_patterns setting

Software description

None available

CVE ID

TSRC analysis

None available

Industry news

None available
