Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2025-12-22 22:52:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old) and /work/SRC/openSUSE:Factory/.roundcubemail.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail" Mon Dec 22 22:52:26 2025 rev:90 rq:1324199 version:1.6.12 Changes: -------- --- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2025-06-02 22:00:59.514294485 +0200 +++ /work/SRC/openSUSE:Factory/.roundcubemail.new.1928/roundcubemail.changes 2025-12-22 22:56:04.021910012 +0100 @@ -1,0 +2,26 @@ +Mon Dec 15 13:38:36 UTC 2025 - Lars Vogdt <[email protected]> + +- update to 1.6.12 + This is a security update to the stable version 1.6 of Roundcube Webmail. + It provides fixes to recently reported security vulnerabilities: + + + Fix Cross-Site-Scripting vulnerability via SVG's animate tag + reported by Valentin T., CrowdStrike. + + Fix Information Disclosure vulnerability in the HTML style + sanitizer reported by somerandomdev. + + This version is considered stable and we recommend to update all + productive installations of Roundcube 1.6.x with it. + + + Support IPv6 in database DSN (#9937) + + Don't force specific error_reporting setting + + Fix compatibility with PHP 8.5 regarding array_first() + + Remove X-XSS-Protection example from .htaccess file (#9875) + + Fix "Assign to group" action state after creation of a first group (#9889) + + Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850) + + Fix bug where an mbox export file could include inconsistent message delimiters (#9879) + + Fix parsing of inline styles that aren't well-formatted (#9948) + + Fix Cross-Site-Scripting vulnerability via SVG's animate tag + + Fix Information Disclosure vulnerability in the HTML style sanitizer + +------------------------------------------------------------------- Old: ---- roundcubemail-1.6.11-complete.tar.gz roundcubemail-1.6.11-complete.tar.gz.asc New: ---- roundcubemail-1.6.12-complete.tar.gz roundcubemail-1.6.12-complete.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ roundcubemail.spec ++++++ --- /var/tmp/diff_new_pack.KJbHQ8/_old 2025-12-22 22:56:04.721938882 +0100 +++ /var/tmp/diff_new_pack.KJbHQ8/_new 2025-12-22 22:56:04.725939046 +0100 @@ -1,7 +1,7 @@ # # spec file for package roundcubemail # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} Name: roundcubemail -Version: 1.6.11 +Version: 1.6.12 Release: 0 Summary: A browser-based multilingual IMAP client License: BSD-3-Clause AND GPL-2.0-only AND GPL-3.0-or-later ++++++ roundcubemail-1.6.11-complete.tar.gz -> roundcubemail-1.6.12-complete.tar.gz ++++++ ++++ 2689 lines of diff (skipped)
