On 2013-03-27 16:09, Daniel Kahn Gillmor wrote:
On 03/27/2013 06:02 PM, Thomas Bruederli wrote:
After getting reports about a possible vulnerability of Roundcube
which allows an attacker to modify its users preferences in a way
that
he/she can then read files from the server, we now published updated
packages as well as patches that fix this security issue.
Please update all your Roundcube installations with the new versions
(0.9-rc2, 0.8.6, 0.7.4) or patch them with the published patches.
Thanks for this work. I don't yet see the tags for these releases in
the git repo at https://github.com/roundcube/roundcubemail
maybe someone needs to "git push --tags" ?
If it would be possible to sign the tags when creating them, that
would
be very much appreciated :)
It's probably a mute point, but I see the tags, they're just not
prefixed by 'v' like the rest.
Thanks for roundcube!
I second that!
~David
_______________________________________________
Roundcube Development discussion mailing list
dev@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
