Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2026-03-23 17:14:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old) and /work/SRC/openSUSE:Factory/.roundcubemail.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail" Mon Mar 23 17:14:57 2026 rev:92 rq:1341982 version:1.6.14 Changes: -------- --- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2026-02-09 11:44:07.419674637 +0100 +++ /work/SRC/openSUSE:Factory/.roundcubemail.new.8177/roundcubemail.changes 2026-03-23 17:17:11.375210288 +0100 @@ -1,0 +2,15 @@ +Mon Mar 23 08:46:12 UTC 2026 - Lars Vogdt <[email protected]> + +- update to 1.6.14 + This is a security update to the stable version 1.6 of Roundcube Webmail. + + Fix Postgres connection using IPv6 address (#10104) + + Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler + + Security: Fix bug where a password could get changed without providing the old password + + Security: Fix IMAP Injection + CSRF bypass in mail search + + Security: Fix remote image blocking bypass via various SVG animate attributes + + Security: Fix remote image blocking bypass via a crafted body background attribute + + Security: Fix fixed position mitigation bypass via use of !important + + Security: Fix XSS issue in a HTML attachment preview + + Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts + +------------------------------------------------------------------- Old: ---- roundcubemail-1.6.13-complete.tar.gz roundcubemail-1.6.13-complete.tar.gz.asc New: ---- roundcubemail-1.6.14-complete.tar.gz roundcubemail-1.6.14-complete.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ roundcubemail.spec ++++++ --- /var/tmp/diff_new_pack.DJ73ve/_old 2026-03-23 17:17:12.967276502 +0100 +++ /var/tmp/diff_new_pack.DJ73ve/_new 2026-03-23 17:17:12.971276668 +0100 @@ -20,7 +20,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} Name: roundcubemail -Version: 1.6.13 +Version: 1.6.14 Release: 0 Summary: A browser-based multilingual IMAP client License: BSD-3-Clause AND GPL-2.0-only AND GPL-3.0-or-later ++++++ roundcubemail-1.6.13-complete.tar.gz -> roundcubemail-1.6.14-complete.tar.gz ++++++ ++++ 7243 lines of diff (skipped)
