[RCU] Update 1.6.1 released

2023-01-23 Thread Thomas Bruederli 
Dear subscribers

We just released the first service update to the new stable version 1.6.
It provides a bunch of small fixes and improvements after getting your
feedback from the 1.6.0 release. See the full changelog in the release notes
 on the
Github download page.

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from roundcube.net
. Please do backup your data before
updating!
Upgrading the Complete Package

Attention when upgrading Roundcube using the complete package!

The installto.sh script does not update the vendor folder of the
installation target. If you’re not using Composer to install plugins or
other dependencies, please remove the composer.json file of your Roundcube
installation before running the installto.sh script.

If you have Composer installed, run composer update --no-dev to complete
the upgrade.

Kind regards,

Thomas & Alec
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.5.3 released

2022-06-26 Thread Thomas Bruederli 
Dear subscribers

We just published the third service release to update the stable version
1.5. It provides a bunch of small fixes and improvements for the PHP8
compatibility. See the full changelog in the release notes on the Github
download page: https://github.com/roundcube/roundcubemail/releases/tag/1.5.3

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
https://roundcube.net/download.
Please do backup your data before updating!

Kind regards
Thomas & Alec
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube webmail 1.6 beta released

2022-03-06 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the beta release for the next major version 1.6 of
Roundcube webmail.
With this milestone we cleaned up the code and bring full support for PHP
8.1. The most noteworthy changes are:

   - PHP 8.1 support
   - Dropped support for PHP < 7.3
   - Support responses (snippets) in HTML format
   - Option to purge deleted mails older than 30, 60 or 90 days
   - Unified and simplified services connection config options
   - Removed the Classic and Larry skins from the release packages
   - SQLite: Use foreign keys, require SQLite >= 3.6.19

Adding support for PHP 8.1 again required some refactoring of the Roundcube
codebase and removing/replacing now deprecated PHP code. We also used this
cleaning efforts and simplified Roundcube's config options a bit.

*Breaking Changes*
Some config options have either been removed or renamed. Read the details
in the release announcement
 on our
website or in the release notes
.

If you used the Larry or the Classic skin in your deployment, you need to
install them manually as they are no longer part of the release packages.
They can easily be installed via Composer. See the full changelog in the
release notes on the Github download page
.

This is a beta release and we recommend to test it on a separate
environment. Download it from roundcube.net
. Migrate existing configs with either the
installto.sh or the update.sh scripts. And don't forget to backup your data
before installing it.

Cheers,
Thomas & Alec
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.5.0 released

2021-10-18 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the final release of the next major version 1.5 of
Roundcube webmail. With this milestone we introduce new features and full
PHP 8.0 support. The most noteworthy additions are:

   - Dark mode for Elastic skin
   - OAuth2/XOauth support (with plugin hooks)
   - Collected recipients and trusted senders
   - Moving recipients between inputs with drag & drop
   - Full unicode support with MySQL database
   - Support of IMAP LITERAL- extension RFC 7888
   
   - Support of RFC 2231 
   encoded names
   - Cache refactoring

See the full changelog in the release notes
 on the
Github download page.

We also disabled the spell checking feature using spell.roundcube.net by
default because some privacy concerns were raised. It now needs to be
enabled explicitly by setting the enable_spellcheck config option to true.

In case you’re running Roundcube directly from source or if you’re not
using the complete package, you need to install 3rd party PHP and
JavaScript modules manually. See this post for more details
.

This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario.
Download it from roundcube.net .

With the release of Roundcube 1.5.0, the previous stable release branches
1.4.x and 1.3.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.2.x series is no longer supported and maintained.

Kind regards

Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Spell checking service is back online

2021-09-29 Thread Thomas Bruederli 
Dear subscribers

After the recent announcement

about the death of spell.roundcube.net, we received a number of offers from
internet service providers around the globe who offered their support to
continue the free spell checking service for Roundcube.

Now we’re happy to announce that we could establish a new sponsoring with
HostingU2  from the Netherlands and that
spell.roundcube.net is back online.

Although we can again support existing Roundcube installations with their
default settings for spell checking, we still encourage you to re-configure

Roundcube to use PHP’s pspell
 or enchant
 API with a locally
installed aspell library. We have also created a Docker image
 allowing you to
run your own instance of the former Google Spell Check service as we do.

Kind regards,

Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.5 beta released

2021-02-28 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the beta release for the next major version 1.5 of
Roundcube webmail. With this milestone we introduce new features and
long-awaited improvements. The most noteworthy additions are:

   - PHP 8.0 support
   - OAuth2/XOauth support
   - Dark mode for Elastic skin
   - Collected recipients and trusted senders
   - Moving recipients between inputs with drag & drop
   - Full unicode support with MySQL database
   - Cache refactoring

Adding support for PHP 8 required some deep refactoring of the Roundcube
codebase which started with early PHP 5 versions. However, this refactoring
also was a bit of a cleaning procedure and resulted in more testable
components.

In case you’re running Roundcube directly from source or if you’re not
using the complete package, you need to install 3rd party javascript
modules using the bin/install-jsdeps.sh script. With this release the
toolchain required to build a functional package has changed a bit:

   - bin/jsshrink.sh: replaced google-closure-compiler with UglifyJS
   - bin/cssshrink.sh: replaced yuicompressor with csso
   - Elastic theme: require lessc >= 2.5.2 (and add support for v4) with
   less-plugin-clean-css

See the full changelog in the release notes
 on the
Github download page.

This is a beta release and we recommend to test it on a separate
environment. And don’t forget to backup your data before installing it.
Download it from roundcube.net .

If you intend to test new Roundcube with OAuth2, have a look at this wiki
page 
.

We also have some Docker images

available for quick testing and evaluation.

Kind regards,

Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security update 1.4.11 released

2021-02-08 Thread Thomas Bruederli 
Dear subscribers

We just published a service and security update to the stable version 1.4
of Roundcube Webmail.
It provides a fix for a recently reported stored XSS vulnerability as well
a some general improvements from our issue tracker.

*Security fix*
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits go to Mateusz Szymaniec (CERT Polska).

See the full changelog in the release notes on the Github download page:
https://github.com/roundcube/roundcubemail/releases/tag/1.4.11

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version.
Download it from https://roundcube.net/download/

Please do backup your data before updating!

Best,
Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.4.10, 1.3.16 and 1.2.13 released

2020-12-27 Thread Thomas Bruederli 
Dear subscribers

We just published security updates to the stable version 1.4 and the LTS
versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a
recently reported stored XSS vulnerability found and kindly reported by
Alex Birnberg (birnberga...@gmail.com).

The 1.4.10 release also contains a few general improvements from our issue
tracker.

See the full changelogs in the release notes on the Github download pages
for the updated versions:
https://github.com/roundcube/roundcubemail/releases/tag/1.4.10
https://github.com/roundcube/roundcubemail/releases/tag/1.3.16
https://github.com/roundcube/roundcubemail/releases/tag/1.2.13

We strongly recommend to update all productive installations of Roundcube
with these new versions.
Download them from https://roundcube.net/download/

Best wishes and a happy new year!
Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.4.9 released

2020-09-28 Thread Thomas Bruederli 
Dear subscribers

We proudly announce yesterday's release of version 1.4.9. It's a service
update to the stable version 1.4 of Roundcube Webmail.
It contains fixes and general improvements from our issue tracker, mainly
related to email composition and UI oddities in Elastic skin and with the
TinyMCE richtext editor. See the full changelog in the release notes on the
Github download page [1].

This version is considered stable and we recommend updating all productive
installations of Roundcube with it.
Download the latest tarballs from https://roundcube.net/download

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.9
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.4.8, 1.3.15 and 1.2.12 released

2020-08-10 Thread Thomas Bruederli 
Dear subscribers

We just published security updates to the stable version 1.4 and the LTS
versions 1.3 and 1.2 of Roundcube Webmail.
They all contain two recently reported cross-site scripting (XSS)
vulnerabilities. The 1.4.8 release also contains a number of general
improvements from our issue tracker [1].

Security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg
content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math
content

Credits for these two findings go to Łukasz Pilorz from Pentesters [2].

See the full changelogs in the release notes on the Github download pages
for the updated versions.

We strongly recommend updating all productive installations of Roundcube
with these new versions. Download the latest tarballs from
https://roundcube.net/download

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.8
[2] https://www.pentesters.pl/
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.4.7, 1.3.14 and 1.2.11 released

2020-07-05 Thread Thomas Bruederli 
Dear subscribers

We just published security updates to the stable version 1.4 and the LTS
versions 1.3 and 1.2 of Roundcube Webmail.
They all contain a recently reported cross-site scripting (XSS)
vulnerability via HTML messages with malicious svg/namespace.
Credits for this finding go to SSD Secure Disclosure [1].

The 1.4.7 release also contains a number of general improvements from our
issue tracker.
See the full changelog in the release notes on the Github download page [2].

We strongly recommend to update all productive installations of Roundcube
with these new versions.
Download the latest tarballs from https://roundcube.net/download

Best,
Alec & Thomas

[1] https://ssd-disclosure.com/
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.4.7
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.4.5 and 1.3.12

2020-06-07 Thread Thomas Bruederli 
Dear subscribers

We recently published service and security updates to the stable version
1.4 and the LTS version 1.3 of Roundcube Webmail.
They contain four fixes for recently reported security vulnerabilities as
well a number of general improvements from our issue tracker.

Security fixes:
- Fix XSS issue in template object username **
- Fix cross-site scripting (XSS) via malicious XML attachment *
- Fix a couple of XSS issues in Installer **
- Better fix for CVE-2020-12641

The latter two vulnerabilities again are related to public access to the
Roundcube installer and are therefore classified minor. See the full
changelogs in the release notes on the Github download pages [1] and [2].

In addition to the security releases 1.4.5 and 1.3.12 we today pushed
follow-up releases containing one single fix for the installer’s test step
which was broken with the former security update.

We strongly recommend to update all productive installations of Roundcube
with this new versions.
Download the latest packages from https://roundcube.net/download

Best,
Thomas & Alec

* Credits to the security researcher Matei “Mal” Badanoiu
** Credits to the security researcher LoRexxar@knownsec 404Team

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.4.4, 1.3.11 and 1.2.10 released

2020-04-29 Thread Thomas Bruederli 
Dear subscribers

We just published service and security updates to the stable version 1.4
and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They contain four
fixes for recently reported security vulnerabilities as well a number of
general improvements from our issue tracker.

Security fixes:
- Cross-Site Scripting (XSS) via malicious HTML content
- CSRF attack can cause an authenticated user to be logged out
- Remote code execution via crafted config options
- Path traversal vulnerability allowing local file inclusion via crafted
‘plugins’ option

The latter two vulnerabilities are classified minor because they only
affect Roundcube installations with public access to the Roundcube
installer. That’s generally a high-risk situation and is expected to be
rare or practically non-existent in productive Roundcube deployments.
However, the fixes are done in core in order to also prevent from future
and yet unknown attack vectors.

See the full changelogs in the release notes on the Github download pages
[1].
Download the updated packages from https://roundcube.net/download

We strongly recommend to update all productive installations of Roundcube
with this new versions.

Best,
Thomas & Alec

[1] https://github.com/roundcube/roundcubemail/releases
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.4.2 released

2020-01-01 Thread Thomas Bruederli 
Dear subscribers

We start the year 2020 with the second service release to update the brand
new Roundcube Webmail version 1.4.

It contains fixes and improvements reported since the release of version
1.4.0. See the full changelog in the release notes on the Github download
page [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
https://roundcube.net/download.

Please do backup your data before updating.

Happy New Year everybody!

Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.2
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.4.1 released

2019-11-22 Thread Thomas Bruederli 
Dear subscribers

Short time after the release of the stable version 1.4.0 of Roundcube
Webmail we already publish the first service release. With the recent
release we missed to mention a few breaking changes since the last stable
version 1.3. We apologize for this and are now clarifying and correcting
these:

Breaking changes

(since 1.3.x)

* new defaults for smtp_* config options:

Upon many requests and in order to get closer to the default setup of most
SMTP servers, we changed the defaults as follows:

  // SMTP port (default is 587)
  $config[‘smtp_port’] = 587;

  // SMTP username (if required). %u will use the current username for login
  $config[‘smtp_user’] = ‘%u’;

  // SMTP password (if required). %p will use the current user’s password
for login
  $config[‘smtp_pass’] = ‘%p’;

* changed default password_charset to UTF-8:

Because of many complaints, we decided to choose a more sane default that
covers most setups and configurations.

* login page returning 401 Unauthorized status:

The new behavior that Roundcube 1.4 returns a 401 status code if the client
is not authenticated apparently was very unexpected and lead to monitoring
problems. Despite not having mentioned that change in the release notes, we
now partly reverted it so that 401 is only returned on login failures but
not on the first request to Roundcube which by definition is unauthorized.

Besides these three major concerns we heard from your much appreciated
feedback, we fixed a number of nasty bugs that sneaked into the 1.4.0
release. See the full changelog in the release notes on the Github download
page [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from roundcube.net
[2].

Please do backup your data before updating.

We'd also like to thank Phil for his steady efforts to keep our website
up-to-date. Your work is much appreciated!

Best,
Thomas & Alec

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.1
[2] https://roundcube.net/download
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.4.0 - Elastic released

2019-11-09 Thread Thomas Bruederli 
Dear subscribers

It's a big honor for me to announce the final release of the long awaited
major version 1.4 of Roundcube webmail.
After more than two years of hard work by Alec and other volunteer
contributors, Roundcube finally gets the responsive skin with full mobile
device support - the Elastic.

In addition to the new UI we introduce these new features:

* Email Resent (Bounce) feature
* Improved [Mailvelope](https://www.mailvelope.com) integration
* Support for Redis and Memcached cache
* Support for SMTPUTF8 and GSSAPI

Plus numerous improvements and bug fixes collected from your precious
feedback as well as updates to recent versions of 3rd party libraries like
jQuery and TinyMCE. See the full changelog in the release notes on the
Github download page [1].

The new Elastic theme, which is the new default skin, is built with LESS
and of course the sources are included. They allow a certain degree of
customization by adjusting some colors and variables using the
`_styles.less` and `_variables.less` files. Please consider customizing
your Roundcube installation in order to make phishing [2] harder. You'll
find guidance in the README.md file inside the skin folder.

This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario and
preparing your users to the significant changes in their webmail UI.
Download it from https://roundcube.net/download.

With the release of Roundcube 1.4.0, the previous stable release branches
1.3.x and 1.2.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.1.x series is no longer supported and maintained.

Kind regards,
Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4.0
[2] https://roundcube.net/news/2019/10/28/phishing-alert
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.4 Release Candidate 2

2019-09-16 Thread Thomas Bruederli 
Dear subscribers

We just published the long awaited second release candidate for the next
major version 1.4 of Roundcube webmail. Many fixes, improvements and final
touches have gone into this since the first release candidate was
published. Check the Changelog [1] for a complete list of changes.

We waited for some promised contributions which unfortunately never arrived
but we now feel confident to call the new Elastic skin complete and ready
to be officially released.

As we’re moving towards the final release, we strongly encourage everybody
to customize the Elastic skin using the _styles.less and _variables.less
files to blend into your corporate design. You’ll find guidance for
customization in the README.md file inside the skin folder.

Rolling out a new and significantly different user interface should be
carefully planned and we recommend to prepare your users for the change.
Therefore the Elastic theme is not set to be the default theme. Adjust your
config in order to enable it by default or let your users switch themselves
in the user settings.

Please note that the Classic skin will no longer be maintained and
completely removed in future releases. Within the 1.4 release series, the
Classic skin remains part of the package but it will not receive new
features that were added to the Larry or Elastic themes.

This is still a preview release and we recommend to test it on a separate
environment. And don’t forget to backup your data before installing it.

Download it from https://roundcube.net/download and keep on submitting bugs
and send us your feedback.

Best,

Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4-rc2
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.3.10 released

2019-08-29 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the next service release to update the stable version
1.3.

It contains fixes to several bugs backported from the master branch
including minor security fixes around CSS and HTML cleanup.

See the full changelog in the release notes on the Github download page [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version.
Download it from https://roundcube.net/download.

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.10
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.4 RC1 released

2019-02-28 Thread Thomas Bruederli 
Dear subscribers

We just published a first release candidate for the next major version 1.4
which has now been in development for quite a while. Although the new
responsive Elastic skin is now functional and feature complete, it still
lacks the final brush-up to make it shine. We have now finally found a
volunteer to work on this and once completed, a second release candidate
will follow.

For now you’re all invited to give the new 1.4 version another test run.
Besides the responsive theme it comes with lots of new features and
improvements since the beta release. Check the Changelog [1] for a complete
list of changes.

Please also try customizing the Elastic skin using the _styles.less and
_variables.less files and let us know what’s missing.
You’ll find guidance in the README.md file inside the skin folder.

Because we don’t yet consider the Elastic theme fully complete, it’s not
set to be the default theme. Adjust your config in order to enable it with

  $config['skin'] = 'elastic';

This is a beta release and we recommend to test it on a separate
environment.
And don’t forget to backup your data before installing it.

Download it from https://roundcube.net.

Cheers,
Thomas & Alec

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4-rc1
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.3.8 released

2018-10-26 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the next service release to update the stable version
1.3.

It contains fixes to several bugs backported from the master branch
including a security fix for a reported XSS vulnerability plus updates to
ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP,
Dovecot and MySQL 8.

See the full changelog in the release notes on the Github download page [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
https://roundcube.net.

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.8
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.4 beta released

2018-08-25 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the beta release of the next major version 1.4 of
Roundcube webmail.
With this milestone we introduce some new features:

* New responsive skin with mobile support
* Email Resent (Bounce) feature
* Improved Mailvelope integration
* Support for Redis cache
* Support for SMTPUTF8

See the full changelog in the release notes on the Github download page [1].

Thanks to the tremendous effort Alec has put into the new skin, we finally
managed solve the most urgent issue and make Roundcube accessible to the
growing number of mobile and tablet devices. We'd also like to thank Kolab
Systems for sponsoring some of Alec's working hours to the project.

Because the new responsive skin is not yet fully completed, it’s not
enabled by default. In order to make it the default for your users, change
your config.inc.php accordingly:

  $config['skin'] = 'elastic';

As an alternative, the plugin elastic4mobile [2] makes it the default for
mobile devices while keeping the configured default for desktop browsers.

The Elastic skin is built with LESS and of course the sources are included.
They allow a certain degree of customization by adjusting some color
variables [3]. All you need is to compile your very own customized skin
with lessc.

This is a beta release and we recommend to test it on a separate
environment. And don’t forget to backup your data before installing it.
Download it from https://roundcube.net/download/#beta

Please report bugs to our Github issue tracker [4] and check for duplicates
before hitting the submit button.

== New Logo and Website Design ==

As you may have noticed, the appearance of the Roundcube website has
changed a while ago and it's also responsive now ;-)
Many thanks to Phil Weir for re-coding the entire website and submitting a
proper pull request!

The new Elastic skin also brings a reshaped logo which has now been added
to our website.
The new logo was kindly designed and contributed by DRU Design [5]. Kudos!

Kind regards,
Thomas



[1] https://github.com/roundcube/roundcubemail/releases/tag/1.4-beta
[2] https://plugins.roundcube.net/packages/roundcube/elastic4mobile
[3]
https://github.com/roundcube/roundcubemail/blob/master/skins/elastic/styles/colors.less
[4] https://github.com/roundcube/roundcubemail/issues
[5] https://github.com/drudesign
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.3.7 released

2018-07-27 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the next service release to update the stable version
1.3. It contains fixes to several bugs backported from the master branch
including a security fix mitigating the EFAIL issue recently discovered in
OpenPGP. See the full changelog in the release notes on the Github download
page [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
https://roundcube.net.

And there are more good news ahead: the long awaited responsive theme for
Roundcube, codename "elastic", has now matured and we'll publish a beta
release with the new skin soon. For a quick preview you can already pull
the Docker container roundcube/roundcubemail:elastic which bundles the
current git master version with the elastic theme enabled.

Best,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.7
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Cannot access to roundcube UI

2018-07-21 Thread Thomas Bruederli 
The message actually says it all: *Could not connect to ssl://localhost:993*.
Check if postfix actually listens on port 993 for 127.0.0.1 or try other
settings for $config['default_host'].

~Thomas


On Fri, Jul 20, 2018 at 5:28 PM Aziz  wrote:

> Hi RC users,
>
>
> I installed roundcube with postfix, but I'm unable to access it, it's
> giving an error message "connexion to storage server error", however I'm
> able to connect to my postfix server using outlook.
>
> my roundcube config file contains the following values :
>
> $config['db_dsnw'] = 'mysql://user:mypassword@localhost/mydatabase';
> $config['default_host'] = 'ssl://localhost';
> $config['default_port'] = 993;
>
>
> $config['smtp_server'] = 'tls://localhost';
> $config['smtp_port'] = 587;
>
> In the logs I found the following error :
>
> *Login failed for us...@mycompany.com  from
> 66.162.222.19. Could not connect to ssl://localhost:993: Unknown reason in
> /var/www/mail/roundcubemail/program/lib/Roundcube/rcube_imap.php on line
> 196 (POST /roundcubemail/?_task=login&_action=login)*
>
>
> BR
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Change label for login input field "username"

2018-07-21 Thread Thomas Bruederli 
Hello Konrad

This simplest way to achieve this is to modify the localization file(s) and
change the value for $labels['username']. This change however, has be
repeated after every update of Roundcube and should be applied with a patch
file. A more complication approach is to create a custom skin which
replaces the login.html template. The downside here is, that the login form
itself is created by an internal function and would need to be re-built by
hand inside that login template. See
https://github.com/roundcube/roundcubemail/wiki/Skins for details about
this.

Best,
Thomas


On Sat, Jul 21, 2018 at 11:48 AM  wrote:

> Hi,
>
> At the moment, my RC installation ask the user to provide "Username" and
> "Password" during the login. Can this be changed to "eMail-Address" and
> "Password"? The login already works with provided either one of these
> two, so I would just like to change the label itself, nothing else.
>
> Thanks
> Konrad
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] End of Life for 1.2?

2018-04-12 Thread Thomas Bruederli 
Hi Peter

As it was already pointed out, we promised updates to older versions
in our announcement message and we'll keep words.

Usually when somebody discovers a vulnerability like the recent one,
we're getting contacted with private messages and together with the
reporter we'd then coordinate the public communication once updates to
all supported versions are available and ready to roll out. This time,
however, the reporter chose to use public channels to inform about the
issue and even published an article on medium.com about his findings
before we were able to establish proper fixes for all supported
versions of Roundcube. Therefore we decided to push out an update for
1.3 as we always encourage people to run the latest stable version.
Updates for the 1.2 and even 1.2 series will follow soon.

As an immediate measure to protect your 1.2 installation, you can
disable the archive plugin until an update is available.

Kind regards,
Thomas



On Thu, Apr 12, 2018 at 3:42 AM, Mike Burger  wrote:
> Not to worry...1.2 will be covered.
>
> About 11 minutes before you sent this email, an announcement email came out
> about the fix for 1.3.6 and at the end, noted:
>
> "We strongly recommend to update all productive installations of Roundcube
> with this new version.
> Updates for older LTS versions will follow soon."
>
> On 2018-04-11 4:55 pm, Peter Thomassen wrote:
>>
>> Hi,
>>
>> Today, security update 1.3.6 was released, but there was no update for
>> the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
>>
>> Now, I am wondering whether 1.2 has reached its end of life, or whether
>> the security issue only affected 1.3.
>>
>> How can I find out the support cycles for the various lines? I couldn't
>> manage to figure it out on the web site.
>>
>> Thanks!
>>
>> Best,
>> Peter
>>
>> ___
>> Roundcube Users mailing list
>> users@lists.roundcube.net
>> http://lists.roundcube.net/mailman/listinfo/users
>
>
> --
> Mike Burger
> http://www.bubbanfriends.org
>
> "It's always suicide-mission this, save-the-planet that. No one ever just
> stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security Update 1.3.6 released

2018-04-11 Thread Thomas Bruederli 
Dear subscribers

We just published a security update to the stable version 1.3. It
primarily  fixes a recently reported IMAP command injection
vulnerability caused by insufficient input validation within the
archive plugin. Details about the vulnerability are published under
CVE-2018-9846.

Additionally, we back-ported some minor fixes from the master branch
which improve PHP 7.2 compatibility as well as PGP signing and key
handling for those who use the Enigma plugin.

See the full changelog in the release notes on the Github download page:
https://github.com/roundcube/roundcubemail/releases/tag/1.3.6

We strongly recommend to update all productive installations of
Roundcube with this new version.
Updates for older LTS versions will follow soon.

And as usual: please do backup your data before updating!

Best,
Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Useradd to MySQL

2018-04-02 Thread Thomas Bruederli 
Such a record is created upon the first login in Roundcube.
Authentication is done at the email server via IMAP and Roundcube user
records are only used to store some metadata for the web client like
personal address books, preferences, caches, etc.

~Thomas

On Sat, Mar 31, 2018 at 12:05 PM, Andreas Meyer  wrote:
> Hello!
>
> I just stumble a bit understanding at what time a user is added to
> the db-table roundcubemail/users.
>
> Usually my users are stored in the db mailbox at the server.
>
> Is the db roundcubemail used at all then?
>
> Kind regards
>
>   Andreas
>
> --
> PGP-Fingerprint: D392 5D21 0299 63D7 5BAE 4562 1E56 B2EA 81A2 59F1
>
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.3.5 released

2018-03-15 Thread Thomas Bruederli 
Dear subscribers

We proudly announce a new service release to update the stable version
1.3. It contains fixes to some issues which we backported from the
master branch. One can be called a minor security fix as it fixes
blocking of remote content on specially crafted style tags.

See the full changelog in the release notes on the Github download page [1].

This release is considered stable and we recommend to update all
productive installations of Roundcube with this version. Download it
from https://roundcube.net.

And stay tuned for the upcoming 1.4 beta release which will include a
preview to the new "Elastic" theme.
Apropos: we're still looking for a volunteer designer to do the final
polishing on the new skin. Read about the progress of the Elastic skin
in Alec's blog [2].

Best,
Thomas & Alec


[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.5
[2] https://kolabian.wordpress.com/tag/elastic/
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] My roundcube email

2018-02-07 Thread Thomas Bruederli 
Dear Sharon

I think you wrote to the wrong people. We don't host your e-mails and we're
not responsible for the system you're using to access them. Please contact
your internet hosting provider or IT responsible for first level support.
If you don't know who this might be please review your bills and see who
you are paying for email or web hosting services.

Roundcube is not a service but free software which your hosting provider
installed on their servers.

Best regards,
Thomas


On Mon, Feb 5, 2018 at 7:22 PM, Maarten  wrote:

> roundcube is just a mail client, do you see any mails being received in
> your maillogs by your mta(postfix, sendmail,..?) If you do but no mail is
> showing up or loading into you client that the problem could be a problem
> with your roundcube config or a problem with your imap server setup to
> retrieve the mails into your client. When was it last working, did you
> change anything?
>
> On 02/05/2018 06:44 PM, Sharon Canovali wrote:
>
> Hi!
> I'm wondering if anyone can help me get my email straightened out. I've
> had challenges from the start and greatly fear I've lost business because
> it's the address on my business cards, but I am unable to receive ANY
> emails. The account is so clogged emails won't even load. I can't even
> clean it up, or do anything.  
> I appreciate any help you can give. Thank you, so much.
>
>
> ___
> Roundcube Users mailing 
> listusers@lists.roundcube.nethttp://lists.roundcube.net/mailman/listinfo/users
>
>
>
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail Update 1.3.4 released

2018-01-14 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the next service release to update the stable version 1.3.
It contains fixes to several bugs reported by our dear community
members and makes Roundcube now fully compatible with PHP 7.2.

See the full changelog in the release notes [1] on our Github download page.

This release is considered stable and we recommend to update all
productive installations of Roundcube with this version.
Download it from https://roundcube.net/download.

And as usual: please do backup your data before updating!

New: starting with version 1.3.3 we also publish Roundcube releases as
Docker images. The images are still considered BETA and your feedback
with regards to setup, configuration and documentation is much
appreciated.

Best,
Alec & Thomas


[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.4
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Cron files

2017-12-10 Thread Thomas Bruederli 
On Thu, Dec 7, 2017 at 4:29 PM, Ulli Heist
 wrote:
> Hello,
>
> sometimes I’m doing manuel:
>
> $SQL = "SELECT * FROM `contacts` WHERE `del` = 1 AND
> DATE_ADD(`changed`,INTERVAL 45 DAY) < NOW() ";
>
> ...

We have `bin/cleandb.sh` in Roundcube that does exactly this ;-)

This and the already mentioned `bin/gc.sh` should do it for periodic clean-ups.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.3.3, 1.2.7 and 1.1.10 released

2017-11-08 Thread Thomas Bruederli 
Dear subscribers

We just published updates to all stable versions from 1.1.x onwards
delivering fixes for a recently discovered file disclosure
vulnerability in Roundcube Webmail.

Apparently this zero-day exploit is already being used by hackers to
read Roundcube’s configuration files. It requires a valid
username/password as the exploit only works with a valid session. More
details will be published soon under CVE-2017-16651.

The Roundcube series 1.0.x is not affected by this vulnerability but
we nevertheless back-ported the fix in order to protect from yet
unknown exploits.

See the full changelog for the according version in the release notes
on the Github download pages:

https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
https://github.com/roundcube/roundcubemail/releases/tag/1.0.12

We strongly recommend to update all productive installations of
Roundcube with either one of these versions.

In order to check whether your Roundcube installation has been
compromised check the access logs for requests like

?_task=settings&_action=upload-display&_from=timezone

As mentioned above, the file disclosure only works for authenticated
users and by finding such requests in the logs you should also be able
to identify the account used for this unauthorized access. For
mitigation we recommend to change the all credentials to external
services like database or LDAP address books and preferably also the
'des_key' option in your config.

Kind regards
Alec & Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail Update 1.3.2 released

2017-10-31 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the second service release to update the stable version 1.3.
It contains fixes to several bugs reported by you, our dear community
members as well as translation updates synchronized from Transifex.

We also changed the wording for the setting that controls the time
after which an opened message is marked as read. This was previously
only affecting messages being viewed in the preview panel but now
applies to all means of opening a message. That change came with 1.3.0
an apparently confused many users. Some translation work is still
needed here.

See the full changelog in the release notes [1] on our Github download page.

This release is considered stable and we recommend to update all
productive installations of Roundcube with this version.
Download it from https://roundcube.net/download.

And as usual: please do backup your data before updating!

Best,
Alec & Thomas


[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.2
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Dynamic host with password plugin

2017-09-16 Thread Thomas Bruederli 
On Fri, Sep 15, 2017 at 11:15 AM, Jorge Bastos  wrote:
> Thomas,
>
> I'm thinking in a possible workarround until this feature appears.
>
> Can you tell me the place where I could write a file on the server with the 
> value of %h, and I'll read it in password plugin's config.inc.php
> About the PHP code I can do it, I just need to know the best/correct place in 
> Roundcube to save it.
>
> I'm thinking of saving it with the name "tmpfile" + username + remote_ip + 
> ticks

As you can see in the fix for your feature request ticket [1] that is
already in git master, there's no need to save a file for that. The
information is stored in session and the handy function
`rcube_utils::parse_host()` will do the magic of replacing the %X vars
for you.

Best,
Thomas

[1] https://github.com/roundcube/roundcubemail/commit/148ccda88ab79
[2] 
https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_utils.php#L555
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Dynamic host with password plugin

2017-09-14 Thread Thomas Bruederli 
Hello Jorge

Please have a look into the Multi Domain Setup configuration
capabilities for Roundcube:
https://github.com/roundcube/roundcubemail/wiki/Configuration:-Multi-Domain-Setup

Although it's not as dynamic as the %h parameter which refers to the
host name chosen in the drop-down menu on the login page but you can
maintain different configurations for virtual hosts all pointing to
the same Roundcube installation.

Regards,
Thomas



On Tue, Sep 12, 2017 at 9:44 PM, Jorge Bastos  wrote:
> Howdy,
>
>
>
> I’m making my multi-server instalation ready, but I’m facing just one small
> issue, that is with password plugin.
>
>
>
> So, in config.inc.php of it I have:
>
>
>
> config['password_db_dsn'] =
> 'mysql://webmail:bdkddz@192.168.69.222/postfix';
>
>
>
> but, as I’m using in roundcube’s config.inc.php “dynamic” host:
>
>
>
> $config['default_host'] = 'mail.%s';
>
>
>
> Can I have in the password plugin config.inc.php the same variable?
>
> (I can use same user/password/db on both servers for password change)
>
>
>
> Thanks in advanced,
>
>
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] [RCD] Update 1.2.6 released

2017-09-11 Thread Thomas Bruederli 
On Sun, Sep 10, 2017 at 6:55 PM, Reindl Harald  wrote:
> AND WHERE IS THE -complete tarball?

You can find it here:
https://github.com/roundcube/roundcubemail/releases/tag/1.2.6

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.2.6 released

2017-09-10 Thread Thomas Bruederli 
Dear subscribers

We just published a service and security update to the stable version 1.2.
It contains some important bug fixes and improvements which we picked
from the upstream branch.

See the full changelog in the release notes on the Github download page [1].

This release is considered stable and we recommend to update all
productive 1.2.x installations of Roundcube with this version.
Download it from Github via https://roundcube.net/download.

Please remember to backup your data before updating!

Cheers,
Alec & Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.2.6
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Roundcube Webmail Update 1.3.1 released

2017-09-06 Thread Thomas Bruederli 
On Tue, Sep 5, 2017 at 5:18 PM, micah  wrote:
> Will these security fixes be available for the 1.2 series?
>
> I want to upgrade to 1.3, but rushing an upgrade to get potential XSS
> issues resolved is not the best.

Yes, an update to the 1.2 series is on the way...

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Roundcube Webmail Update 1.3.1 released

2017-09-05 Thread Thomas Bruederli 
On Mon, Sep 4, 2017 at 10:12 PM, Egbert  wrote:
> Thanks for your ongoing effort to make this product even better.
>
> I wonder if I can update directly from 1.2.4 to 1.3.1 or are there road
> blocks ahead?

That should be possible without problems.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail Update 1.3.1 released

2017-09-04 Thread Thomas Bruederli 
Dear subscribers

We just published the first service release to update the stable
version 1.3 which is the result of some touching-up on the new
features introduced with the 1.3.0 release. For example it brings back
the double-click behavior to open messages which was reduced to the
list-only view. Or because the switch to change the mail view layout
was a bit hidden, we also added it to the preferences section.

The update also includes fixes to reported bugs and one potential XSS
vulnerability as well as optimizations to smoothly run on the latest
version of PHP.

See the full changelog in the release notes [1] on the Github download page.

This release is considered stable and we recommend to update all
productive installations of Roundcube with this version.
Download it from https://roundcube.net/download.

Please do backup your data before updating!

Best,
Alec & Thomas


[1] https://github.com/roundcube/roundcubemail/releases/tag/1.3.1
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Roundcubemail 1.3 and IMAP Idle

2017-08-15 Thread Thomas Bruederli 
On Thu, Aug 10, 2017 at 7:04 PM, Davide Perini
 wrote:
> Last posts on that thread was written in 2015 so I hoped that something
> changed meanwhile.
> Older roundcube with phpmail was able to detect a new mail instantly like
> the IMAP idle.
> This can be considered a regression over previous versions.

Nope. Roundcube never supported IMAP idle du to the nature of single
HTTP requests and short-living PHP processes. I don't know what you're
referring to but I don't see a regression here.

> In data 10 agosto 2017 11:16:57 AM Vincent Van Houtte  ha
> scritto:
>>
>> Google has (once again) all the answers:
>>
>> https://github.com/roundcube/roundcubemail/issues/1813

This issue basically is a request for websocket support 'cause that's
the only way how to propagate updates from the IMAP server (with IDLE)
directly to the client. The Roundcube codebase isn't ready for that
and actually Roundcube Next was intended to get such a feature.

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Roundcube Webmail 1.3.0 released

2017-06-30 Thread Thomas Bruederli 
On Wed, Jun 28, 2017 at 10:00 AM, José M. Martín  wrote:
> After upgrading to 1.3 from 1.2.5 I'm having this issue when any message is
> open:
>
> Fatal error: Call to undefined function Q() in
> /srv/www/htdocs/roundcubemail/plugins/automatic_addressbook/automatic_addressbook.php
> on line 68
>
> I can skip it disabling the automatic_adressbook plugin in the config file,
> but I would like to keep it. Maybe my plugins are outdated?

We kindly requested the plugin developers to update their plugins with
the deprecation changes starting with 1.2 already. Seems like the
automatic_addressbook has been updated accordingly:

  https://github.com/sblaisot/automatic_addressbook/commit/618b0812b626

You should get update it, preferably use the plugin installer for that.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.3.0 released

2017-06-26 Thread Thomas Bruederli 
Dear subscribers

We proudly announce the stable version 1.3.0 of Roundcube Webmail
which is now available for download.
With this milestone we introduce new features since the 1.2 version:

- Widescreen layout aka Three Column View
- Possibility to display QR code for contacts data
- New identicon plugin [1]
- Attach contact vCards to composed message
- Support WEBP images and MathML preview
- Preview, download and rename attachments when composing a message
- Message/rfc822 attachment preview
- Various Enigma (PGP) and Managesieve plugin improvements
- “Flattened” the Larry theme giving it a fresher look

Plus security and deployment improvements:

- Improve randomness of password salts and random hashes
- Fixed redundancy in sql caching system and compatibility with Galera Cluster

And finally some code-cleanup:

- Dropped support for legacy browsers (IE < 10; removed legacy_browser plugin)
- Require PHP >= 5.4
- Removed PHP mail() support
- Removed 3rd party javascript libraries from the repository
- Require jQuery 3.x which has breaking changes to older versions

IMPORTANT: The code-cleanup part brings major changes and possibly
incompatibilities to your existing Roundcube installations.
So please read the Changelog [2] carefully and thoroughly test your
upgrade scenario.

Please note that Roundcube 1.3

1. no longer runs on PHP 5.3
2. no longer supports IE < 10 and old versions of Firefox, Chrome and Safari
3. requires an SMTP server connection to send mails
4. uses jQuery 3.2 and will not work with current jQuery mobile plugin

With the release of Roundcube 1.3.0, the previous stable release
branches 1.2.x and 1.1.x will switch in to LTS low maintenance mode
which means they will only receive important security updates but no
longer any regular improvement updates.

See the complete Changelog in our wiki [2] and download the new
packages from https://roundcube.net/download.

Roundcube 1.3.0 is considered stable and we recommend to update all
productive installations of Roundcube. As usual, don’t forget to
backup and test with your custom plugins.

Best,
Alec & Thomas

[1] https://en.wikipedia.org/wiki/Identicon
[2] https://github.com/roundcube/roundcubemail/wiki/Changelog
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Import E-mail Size Limit

2017-05-19 Thread Thomas Bruederli 
The max upload files size is determined and limited by the php.ini settings
you already listed. There's no other way to influence these and to
distinguish between attachment upload and message import.

~Thomas

On Wed, May 3, 2017 at 7:30 PM, Webert de Souza Lima 
wrote:

> Hello,
>
> when importing eml messages in roundcube, it shows the maximum file size
> permitted.
> By the value I see (30MB), I assume it is the same file size set for the
> e-mail attachments.
>
> Those should be different thought, as the eml might have a lot of text +
> attachments.
>
> Is that so? If not, how can I change that settings?
>
> I'm using this phpfpm-mail to control size:
>
>  - upload_max_filesize = 30M
>  - post_max_size = 100M
>
>
>
> Regards,
>
> Webert Lima
> DevOps Engineer at MAV Tecnologia
> *Belo Horizonte - Brasil*
>
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] How to export all contacts to a cvs file

2017-05-16 Thread Thomas Bruederli 
As an alternative you can run the exported VCard file through a converter
tool like this: http://labs.brotherli.ch/vcfconvert/

Best,
Thomas


On Tue, May 16, 2017 at 6:14 PM, Jo Roseborough <
j...@sandpointcommunityresource.com> wrote:

> Thank you, but I have no idea what to do with the links you sent me. I
> will explore other options.
> ---
> Jo Roseborough
> j...@sandpointcommunityresource.com
> -
> Sandpoint Community Resource Center
> 231 N. Third Ave.
> Sandpoint, ID  83864
> www.sandpointcommunityresource.com
> 208-597-3937 <(208)%20597-3937> (cell)
> 208-920-1840 <(208)%20920-1840> (office)
>
>
>
> On 2017-05-15 23:03, A.L.E.C wrote:
>
> On 15.05.2017 22:01, Jo Roseborough wrote:
>
> I need to export my address book as a cvs file for importing into a
> different email program (not Outlook). I am not finding any information
> in the forum or on your website about how to do that. Can you assist me?
>
>
> You may try this plugin
> https://git.kolab.org/diffusion/RPK/browse/roundcubemail-plugins-kolab-3.
> 2/plugins/csv_export/
> but it's not really supported.
>
>
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security updates 1.2.5, 1.1.9 and 1.0.11 released

2017-04-28 Thread Thomas Bruederli 
Dear subscribers

We just published updates to all stable versions 1.x delivering important
bug fixes and improvements which we picked from the upstream branch.

The updates primarily fix a recently discovered vulnerability in the
virtualmin and sasl drivers of the password plugin (CVE-2017-8114). More
details about this vulnerability will be published soon by the reporter.
Security-wise the update is therefore only relevant for those installations
of Roundcube using the password plugin with either one of these drivers.

See the full changelog for the according version in the release notes on
the Github download pages:

https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
https://github.com/roundcube/roundcubemail/releases/tag/1.0.11

All versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.

As usual, don’t forget to backup your data before updating!

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Release Candidate for version 1.3 available for download

2017-04-26 Thread Thomas Bruederli 
Dear subscribers

We proudly announce that the feature-complete release candidate for the
next major version 1.3 of Roundcube webmail is now available for final
testing.

After dropping support for older browsers and PHP versions and adding some
new features like the widescreen layout, the release candidate finalizes
that work and also fixes two security issues (updates for stable versions
will follow) plus adds improvements to the Managesieve and Enigma plugins.

We also slightly polished the Larry theme to make it look a little less
2010 :-)
Although the default theme still doesn’t work on mobile devices, a fully
responsive skin is currently being worked on.

As a reminder: if you’re installing the dependent package or run Roundcube
directly from source, you now need to install the removed 3rd party
javascript modules by executing the following install script:

  $ bin/install-jsdeps.sh

With the upcoming stable release of 1.3.0 the old 1.x series will only
receive important security fixes.

As usual, see the complete Changelog in our wiki [1] and download the new
packages from https://roundcube.net/download.

Please note that this is a release candidate and we recommend to test it on
a separate environment. And don’t forget to backup your data before
installing it.

Kind regards,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] ***URGENT*** SMTP Error (535): Authentication failed error!

2017-04-20 Thread Thomas Bruederli 
Hi

I'm sorry but you wrote to the wrong people. We don't host your e-mails and
we're not responsible for the system you're using to access them. Please
contact your internet hosting provider or IT responsible for first level
support. If you don't know who this might be please review your bills and
see who you are paying for email or web hosting services.

Roundcube is not a service but free software which your hosting provider
installed on their servers.

Best regards,
Thomas


On Mon, Apr 10, 2017 at 8:31 AM, Nilo Hontucan <
nilo.hontu...@quintessentially.com> wrote:

> Dear Team,
>
>
>
> Could someone please help me for this error in my MAC and webmail?
>
>
>
> I can received email but I couldn’t send an email using my account.
>
>
>
> Email Address: ale...@setaiinvestments.com
>
>
>
> Thanks,
>
>
>
> NILO HONTUCAN
>
> IT Manager
>
> [image: Description: Description: Description: Description: Description:
> Description: Description: Description: Description: Description:
> https://www.quintessentially.com/signature/q_typography.png]
>
> PO Box 37167 Dubai, UAE
>
> *t. *+97144376838 <+971%204%20437%206838> *m. *+971544792674
> <+971%2054%20479%202674>
>
> www.quintessentially.com
>
> *[image: Description: Description: Description: Description: Description:
> Description: Description: cid:image002.jpg@01D227B1.01A32750]*
>   *[image: Description:
> Description: Description: Description: Description: Description:
> Description: cid:image003.jpg@01D227B1.01A32750]*
>   *[image: Description: Description:
> Description: Description: Description: Description: Description:
> cid:image005.jpg@01D227B1.01A32750]*
>   *[image: Description:
> Description: Description: Description: Description: Description:
> Description: cid:image004.jpg@01D227B1.01A32750]*
> 
>
>
>
>
> --
> This email message has been delivered safely and archived online by
> Mimecast.
> For more information please visit http://www.mimecast.com
> --
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.0.10 released

2017-04-09 Thread Thomas Bruederli 
Dear subscribers

We just recently published a security update to the LTS version 1.0. It
contains some important fixes and improvements we backported from the
master version. See the details in the release notes [1].

This release is considered stable and we recommend to update all productive
installations of Roundcube 1.0.x with this version if you're unable to
upgrade to a more recent series. Download it from GitHub via
https://roundcube.net/download.

As usual, don’t forget to backup your data before updating!

Best,
Thomas

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.0.10
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Security updates for LTS version 1.0.x

2017-03-31 Thread Thomas Bruederli 
Hello Rainer

The 1.0.x series is not affected as it doesn't support SVG elements but the
fix for that particular issue was a rather general one and we'll publish an
update to that series soon.

Best,
Thomas


On Mon, Mar 27, 2017 at 10:30 AM, Security  wrote:

> Hello,
> will there be a security update for the vulnerability CVE-2017-6820 (
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820)?
>
> The roundcube web page announces a "low maintenance" support of version
> 1.0.x.
> As far as I know this version isn't officially discontinued and  not out
> of support, is it?
>
> Thanks in advance,
> Rainer
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Updates 1.2.4 and 1.1.8 released

2017-03-10 Thread Thomas Bruederli 
Dear subscribers

We just published another update to both stable versions 1.2 and 1.1
delivering important bug fixes and improvements which we picked from the
upstream branch.

Included is a fix for a recently reported XSS vulnerability within CSS
styles inside an SVG tag. See the full changelog for 1.2.4 in the wiki [1]
and for version 1.1.8 in the release notes [2].

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from GitHub via https://roundcube.net/download.

As usual, don't forget to backup your data before updating!

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Creating new email address from existing account

2017-01-19 Thread Thomas Bruederli 
Hi

I'm sorry but you wrote to the wrong people. We don't host your e-mails and
we're not responsible for the system you're using to access them. Please
contact your internet hosting provider or IT responsible for first level
support. If you don't know who this might be please review your bills and
see who you are paying for email or web hosting services.

Roundcube is not a service but free software which your hosting provider
installed on their servers.

Best regards,
Thomas


On Thu, Jan 5, 2017 at 12:41 AM, Wes Gonzalez 
wrote:

> Hello,
>
> I'm not sure if this is the right place to be emailing, but I recently
> started this new job that uses Webmail/Roundcube and they're asking me to
> create a new work email address for another new employee.  The employee I
> replaced created all of the email addresses so no one at my work knows how
> to and any help would be greatly appreciated.
>
> Thank you,
>
>
> Wes
>
>
>
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Mobile view

2016-12-14 Thread Thomas Bruederli 
On Mon, Dec 5, 2016 at 9:23 PM, Curtis Vaughan  wrote:
> I've installed the Melanie2 plugin/skin for RoundCube. Wondering if anyone
> else has. After installing it, however, the interface is not like that shown
> on the website. It's mostly all text. Obviously there is something that
> needs to be tweeked, but not sure what. Can anyone help?

Not sure what's the difference when installing Roundcube from the
Ubuntu repos. What does your browser error console say? Also analyze
the source code of the HTML page and find what css files are loaded.

Just make sure the jquery_mobile plugin is not activated in config.
It's loaded as a dependency for the mobile view but would mess up the
UI when always loaded. See
https://roundcubeinbox.wordpress.com/2016/04/26/roundcube-for-mobile-devices/
for reference.

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Updates 1.2.3 and 1.1.7 released

2016-11-28 Thread Thomas Bruederli 
Dear subscribers

We just published another update to the both stable versions 1.2 and
1.1 delivering important bug fixes and improvements which we picked
from the upstream branch.

Included is a fix for a recently revealed security issue when using
PHP's mail() function. It has been discovered and kindly reported by
Robin Peraglie using the static code analyzer RIPS [1] and more
details along with a CVE number will be published shortly.

See the full changelog for 1.2.3 in the wiki [2]. Version 1.1.7 is a
security update fixing the mail() issue and thus only relevant to
Roundcube installations not having an SMTP server configured for mail
delivery.

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from GitHub via https://roundcube.net/download.

As usual, don't forget to backup your data before updating!

Best,
Thomas


[1] https://www.ripstech.com/
[2] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Reverse order inside threads?

2016-07-27 Thread Thomas Bruederli 
Hi Ken

Please note that threads (as opposed to chronological Gmail-style
conversations) are tree-like structures starting with one initial
message  -the root. One cannot inverse the order of a tree to start at
the leaves where there are possibly multiple from different branches.

~Thomas


On Mon, Jul 25, 2016 at 5:12 AM, Ken D'Ambrosio  wrote:
> Hey, all.  While I love the threaded view, I don't love the order it sorts
> in.  I'm vastly more interested (say) in the fact that Jane sent me an
> e-mail 10 minutes ago, than the fact that Tim started the thread two weeks
> ago.  Is there any way to reverse the order?
>
> Thanks!
>
> -Ken
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.2.1 published

2016-07-26 Thread Thomas Bruederli 
Dear subscribers

We just published the first service release to update the stable
version 1.2. It contains some important bug fixes and improvements in
the recently introduced Enigma plugin for PGP encryption. See the
detailed Changelog in the wiki [1] or on the the release page [2].

This release is considered stable and we recommend to update all
productive installations of Roundcube with this version. Download it
from GitHub via https://roundcube.net/download.

As usual, don’t forget to backup your data before updating!

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-121
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.2.1
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.2.0 released

2016-05-22 Thread Thomas Bruederli 
Dear subscribers

Today we proudly announce the stable version 1.2.0 of Roundcube
Webmail which is now available for download. It introduces new
features since version 1.1 covering security and PGP encryption
topics:

- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with pre-defined date interval
- Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

There wasn't much feedback on the 1.2-beta version and the release
candidate which we consider a good sign. Some cleanup and
stabilization of the Enigma plugin just happened for the now stable
version.

As already announced with the 1.2-beta release [1], PGP encryption
comes in two flavors: client-side using the Mailvelope browser
extension and server-side with the Enigma plugin using GnuPG on the
server.

Support with the Mailvelope browser plugin comes out of the box and is
automatically enabled if the Mailvelope API is detected in a user’s
browser. The Mailvelope documentation [2] explains how to enable it
for your site.

The features of the Enigma plugin, which comes with the release
package and simply needs to be activated for your Roundcube
installation are explained in Alec's blog post [3].

With the release of Roundcube 1.2.0, the previous stable release
branches 1.0.x and 1.1.x will switch in to LTS low maintenance mode
which means they will only receive important security updates but no
longer any regular improvements from upstream.

See the complete Changelog in our wiki [4] and download the new
packages from https://roundcube.net/download.

Roundcube 1.2.0 is considered stable and we recommend to update all
productive installations of Roundcube. As usual, don’t forget to
backup your data before updating ;-)

Best,
Thomas


[1] https://roundcube.net/news/2015/11/23/roundcube-webmail-1.2-beta-out-now
[2] https://www.mailvelope.com/en/help#watchlist
[3] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
[4] https://github.com/roundcube/roundcubemail/wiki/Changelog
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Published Updates 1.1.5 and 1.0.9

2016-04-20 Thread Thomas Bruederli 
Dear subscribers

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes and helps protecting Roundcube against
more XSS and CSRF attacks. Version 1.1.5 also has two new plugin hooks
integrated and version 1.0.9 comes with cherry-picked fixes from the
more recent version to ensure proper long term support.

See the full changelog in the wiki [1] and the selection for 1.0.9 on
the release page [2].

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either one of these
versions. Download them from GitHub via
https://roundcube.net/download.

As usual, don’t forget to backup your data before updating!

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
[2] https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Release candidate for 1.2 out now

2016-04-13 Thread Thomas Bruederli 
Hello folks

Roundcube 1.2 is pretty much complete and after adding some
last-minute improvements we just published a release candidate to give
it another round of testing before we slap the 'stable' tag on it. We
hereby invite you all to test the release candidate and report
remaining bugs to our issue tracker.

The most important features we added in 1.2 are:

* PHP7 compatibility
* PGP encryption in two flavours
* Improved security measures to protect from brute-force and CSRF attacks

See the full Changelog in our wiki:
https://github.com/roundcube/roundcubemail/wiki/Changelog

Download the packages or the signed source directly from Github:
https://github.com/roundcube/roundcubemail/releases/tag/1.2-rc

Please note that we recommend to test it on a separate environment.
And don't forget to backup your data before installing it.

Another note: with the upcoming stable release of 1.2.0 the old 1.0.x
and the 1.1.x series will only receive important security fixes.
Updates to these two branches are to be released soon. So stay tuned!

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Trac platform migrated to Github

2016-03-20 Thread Thomas Bruederli 
Dear subscribers

After many ups and downs with our Trac platform which hosted our wiki
and the ticket system for years now, we finally migrated the data over
to Github where we already host the git repositories. Therefore,

  on March 25th 2016 the trac.roundcube.net site will be shut down

Starting today, the site is in read-only mode meaning that user logins
and ticket reporting have been disabled already.

This means that submitting new tickets now goes through Github and so
does the roadmap planning and overview. The entry point for that is
our Github project page at https://github.com/roundcube/roundcubemail

Today we just migrated 4.8K tickets from the Trac database to Github
issues [1], leaving the invalid and duplicate ones behind.
Unfortunately the ticket numbers could not be kept and have all been
re-assigned. The original trac ticket numbers are mentioned in the
migrated issue body and can be used for searching. We'll also install
a redirect service which will translate old Trac urls to the
corresponding issue pages.

The wiki will also be translated into Github markdown pages. There's
some manual reviewing involved in order to update or remove outdated
information during this process. Please give us some more days to
complete that task.

Thank you for your understanding and see you on Github

Best,
Thomas


[1] https://github.com/roundcube/roundcubemail/issues
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] use_https issue

2016-01-18 Thread Thomas Bruederli 
On Mon, Jan 18, 2016 at 1:55 AM, Brendan Kearney  wrote:
> i have 2 apache instances behind HAProxy, where HAProxy is running the HTTPS
> and load balancing to RCM in the clear.  i have set the 'use_https' option
> to true, and it works in most cases.  i have found an exception and i wanted
> to see if this has been fixed in more recent versions.
>
> if i browse to https://host.domain.tld/roundcubemail (note https, with no
> trailing slash), i am redirected to
> http://host.domain.tld/roundcubemail/ (note not https, with trailing slash).
>
> if i correct the http:// to https:// everything works and all pages are
> secured.  it seems that only the redirect to the URI with the trailing slash
> is where this comes up.

The redirect from /roundcubemail to /roundcubemail/ is done by Apache
and doesn't yet hit Roundcube and its use_https logic. Thus not a
Roundcube issue and nothing we could fix on our side. You need to
teach Apache to redirect to https.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] 1.2 beta not decrypting emails

2016-01-11 Thread Thomas Bruederli 
On Mon, Jan 11, 2016 at 9:19 AM, Krystian  wrote:
> it does nothing, just shows crypted message, but when I press Mailvelope
> plugin it decrypts it.

You have to explicitly enable the API use for your site in the
mailvelope settings:
https://www.mailvelope.com/en/help#watchlist
>
> So it dosent really works for me.

It just works the old way, doesn't it?

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] S/MIME done!

2016-01-02 Thread Thomas Bruederli 
On Mon, Dec 28, 2015 at 2:04 PM, Владимир Горпенко  wrote:
> Hi!

Hello Vladimir

Sorry for the late reply but I've been trying to stay away from the
keyboard for some days now and give priority to family and friends.

> So, I did it!
> Before the end of the year, as promised.
>
> S/MIME encryption, decryption, signing and signature verification works.
> Of course, this is not the final version.  ))

That's great news and we're all keen on getting to see it.
>
> 3 modules of RC were changed. I had to add some new hooks and use one
> deprecated hook.
>
> I made a separate plugin to work with certificates and keys. Now I have a
> very simple plugin that uses files to store keys and certificates.
>
> I hope that the developers of the RC show interest in my work.

Of course we are! The recent 1.2-beta release was all about adding
encryption to Roundcube and while we cover PGP now, S/MIME is still
missing. In order to get the PGP stuff into Roundcube we also had to
touch the core code in some places and I expect to do the same for
proper S/MIME support.

In any case, we'd like to SEE your proposed changes and preferably
also your crypto plugin in order to understand the use-case and to
analyze if the changes could be useful for other modules too and
whether they might need some polishing.

So please fork our github repository, apply your changes to your fork
and then submit a pull request via github. Please always work with git
master version. We'll care about backporting to older release branches
later.

Please publish your S/MIME plugin on a repo of your choice and send
the link to the mailing list.

> I am also ready to transfer texts and discuss the work done.

For translations, I suggest you push the localization files to
Transifex. We can also add a resource for your plugin to Roundcube's
Transifex project in order to benefit from our existing network of
translators.

Many thanks and we're looking forward to see your work.

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] S/MIME done!

2016-01-02 Thread Thomas Bruederli 
On Sat, Jan 2, 2016 at 10:49 AM, Владимир Горпенко  wrote:
> Hi
>
> I know about development list. I have subscribed to this list a few weeks
> ago. It looks completely dead.
> When I needed information about developing, I tried to ask a question on
> that list. There was no answer.

I'm very sorry for that! Our main developers apparently have been busy
with other things and didn't find time to respond to your requests.
We'll try to do better in the new year.

> I have written here for information only, as I hope, that this information
> may be interesting.
>
> Regarding the creation of a separate branch of RC, that's impossible. I have
> a lot of work, and I can not carry the whole project.
> I was engaged in this task for two or three months only because it was
> necessary for my work.
> I think there are three more options.
>
> 1. Simple and realistic. Developers RC found my fix unacceptable. RC will be
> developed according to their plans, my problem is solved. All the rest are
> waiting for Enigma or other plugin.
>
> 2. Practical, but ugly. Developers agree with my patch, I bring plugins to
> the minimum complete form and put them in any repo.
>
> 3. Fantastic. Somebody takes the trouble to explain me how to do everything
> without my corrections. Perhaps we find a better way to solve the problem. I
> rework my plugins, and put them in a repo.

We're all in for that. But in order to do so, it's best if you publish
your work somewhere so that interested people can actually look at it
and make suggestions. Even of your plugins require changes to
Roundcube core, you can still publish them with a big fat warning and
a link to the patches that need to be applied to Roundcube first. This
will at least allow us or anybody else to explore your work.
>
> Maybe someone who is engaged in the solution of this problem, wants to take
> advantage of my results. I am ready to help.
>
> Maybe someone needed S/MIME encryption so that he wants to use my design in
> the form in which it exist. I am ready to help.

Our preferred goal is to integrate S/MIME encryption into the enigma
plugin. And your work might be very valuable for this. So don't
hesitate to show it.

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] replication problems with database_attachments plugin

2016-01-02 Thread Thomas Bruederli 
On Tue, Dec 29, 2015 at 8:30 PM, micah <mi...@riseup.net> wrote:
>
> Micah Anderson <mi...@riseup.net> writes:
>
>> Thomas Bruederli <thomas-tzjs5fsp0j0qczcgjlu...@public.gmane.org>
>> writes:
>>
>>> On Sat, Dec 19, 2015 at 1:30 AM, Micah Anderson 
>>> <micah-sgozh3hwpm2stnjn9+b...@public.gmane.org> wrote:
>>>
>>> This should not happen. All INSERT/UPDATE/DELETE queries go to dsnw
>>> and also subsequent reads from the same PHP process should use that
>>> connection in order to not hit any replication delays. Can you log all
>>> SQL queries and compare that with the replication log?
>
> So I turned on the general global query log on the slave (SET global
> general_log = 1;) and waited for replication to break again. Eventually
> it failed again and I looked at what queries were done on the replicated
> slave that were not SELECT queries and found these:
>
> (in case the formatting is impossible to read, you can view these on
> this pastebin: https://share.riseup.net/#aqcIrGmnJ_2LmC2EtphXCQ)
>
> [...]
>
> As you can see, there are UPDATE and DELETE queries for the 'cache' and
> 'users' tables (last_login and preferences).

Hmm, that doesn't look good. Can you maybe share your database
connection config options with us?
Config options 'db_dsnw', 'db_dsnr', 'db_dsnw_noread', 'db_persistent'
and 'db_table_dsn' are relevant for this. Replace sensitive
information accordingly before posting them here.

The decision which connection to use is made in rcube_db::dsn_select()
https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_db.php#L241

This is done for each query and we need to investigate if there's a
major issue in this part of the code. Although you're the first to
report problems like this...

> To work around this, I've done:
>
> REVOKE ALL PRIVILEGES ON `roundcube`.* FROM 'roundcube'@'localhost'
> GRANT SELECT on `roundcube`.* TO 'roundcube'@'localhost';
> flush priviledges;
>
> But obviously something is wrong here.

That's not the preferred way to do it and will probably result in
database failures due to missing prifileges.
>
>>> You might look into the 'db_table_dsn' config option:
>>> https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L48
>>>
>>> This was added for exactly this case. You can define 'r' or 'w'
>>> connections to be used on a per-table basis.
>>
>> Thanks for that, although I don't quite understand how this works, the
>> example you linked to seems to be related to the cache table, and it has
>> 'r' set for cache, cache_index, cache_thread and cache_messages... what
>> does this example do? It sets that table read-only on the master? How
>> does this allow configuration on a per-table basis?
>
> I'm still curious about how this config option works, I understand
> holidaze, etc. just dont want to lose this part in the thread :)

Yeah, sorry for the delay.

Anyway, the 'db_table_dsn' property holds a map of table names and
connection identifiers. You can set either 'r' for using the 'db_dsnr'
or 'w' for using the 'db_dsnw' connection for all interactions with
the according table. This will overrule the default determination
whether to use the read or write connection.

The example given in the default config would keep all cache data in
the local database. In such a scenario, you would not create these
tables on the master and therefore also not replicate them to the
slaves.

However, the database_attachments plugin uses the cache table for
storing the uploaded attachments. This is something you want to share
amongst all nodes and therefore you should not be using this
configuration for the 'cache' table.

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security Updates 1.1.4 and 1.0.8 released

2015-12-26 Thread Thomas Bruederli 
Dear Roundcube users

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes one of which seals a potential path
traversal vulnerability [1] recently reported by High-Tech Bridge
Security Research Lab. Although the vulnerability is not fully
disclosed yet, the attack scenario requires an active Roundcube
account as well as write privileges on the same host Roundcube is
served from (without open_basedir protection).

A second security improvement adds some measures against brute-force attacks.
See the full changelog here:
http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.4

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download

If you prefer to patch your installation for the path traversal
vulnerability only, we also published patches on our download mirrors
for versions 1.0 [2] and 1.1 [3].

As usual, don't forget to backup your data before updating!

Thanks for all your support and happy new year!

Thomas

[1] https://www.htbridge.com/advisory/HTB23283
[2] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.0.8/
[3] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.1.4/
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] replication problems with database_attachments plugin

2015-12-22 Thread Thomas Bruederli 
On Sat, Dec 19, 2015 at 1:30 AM, Micah Anderson  wrote:
>
> Hi,
>
> I've got the database_attachments plugin enabled because I have multiple
> machines with a memcached session store. It seems to work fairly
> well... except that I am replicating the database to a read-only slave
> for redundancy (and read-balancing) and the replication keeps breaking.
>
> The slave will get this error:
>
> Could not execute Delete_rows event on table roundcube.cache; Can't find
> record in 'cache', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND;
> the event's master log mysql-bin.000151, end_log_pos 182376
>
> I've got a db_dnsw and db_dnsr configured in my roundcube config, could
> it be that roundcube is also writing to the db_dnsr causing entries to
> be removed on the slave, and then when the replication happens it fails
> because it has been removed on the slave already?

This should not happen. All INSERT/UPDATE/DELETE queries go to dsnw
and also subsequent reads from the same PHP process should use that
connection in order to not hit any replication delays. Can you log all
SQL queries and compare that with the replication log?

> I tried to look at mysql-bin.000151 for the 182376 event, but couldn't
> find it.
>
> Ideally, I wouldn't even replicate the roundcube.cache table, because
> its a *lot* of data, but if I dont replicate it, I suspect the db_dnsr
> would fail to find the records?

You might look into the 'db_table_dsn' config option:
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L48

This was added for exactly this case. You can define 'r' or 'w'
connections to be used on a per-table basis.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Changing columns and order in $config['list_cols'] doesn't work

2015-12-22 Thread Thomas Bruederli 
Hello Phil

What you can set in config is just the default for (new) users. The
columns shown can be changed in the mail view by clicking the gear
icon in the message table header. And you can adjust the order of the
columns by simply dragging and dropping them with the mouse. See
http://docs.roundcube.net/doc/help/1.1/en_US/mail/mailview.html#change-message-list-columns

Kind regards,
Thomas


P.S. Don't ever change defaults.inc.php but add options to
config.inc.php instead. The defaults file will be replaced with every
update.

On Fri, Dec 18, 2015 at 11:23 PM, Philip Rhoades  wrote:
> People,
>
> I have logged out of RCM, changed the defaults.inc.php file on the server,
> restarted the dovecot service and logged back into RCM (all a couple of
> times now) but the displayed columns and order do not change . . am I
> missing something? - I want the little '+' thread icon as the first column
> again . .
>
> Thanks,
>
> Phil.
> --
> Philip Rhoades
>
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.2-beta out now

2015-11-23 Thread Thomas Bruederli 
We're proud to announce that the beta release of the next major
version 1.2 of Roundcube webmail is out now for download and testing.
With this milestone
we introduce new features primarily focusing on security and PGP encryption:

* PHP7 compatibility
* PGP encryption
* Drag-n-drop attachments from mail preview to compose window
* Mail messages searching with predefined date interval
* Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

The PGP encryption support in Roundcube comes with two options:

Mailvelope
--
The integration of this browser plugin [1] for Firefox and Chrome
comes  out of the box in Roundcube 1.2 and is enabled if the
Mailvelope API is detected in a user's browser. See the Mailvelope
documentation [2] how to enable it for your site.

Read more about the Mailvelope integration and how this looks like in
Alec's blog [3].

Enigma plugin
---
This Roundcube plugin adds server-side PGP encryption features to
Roundcube. Enabling this means that users need to fully trust the
webmail server as encryption is done on the server GnuPG and private
keys are also stored there.

In order to activate server-side PGP encryption for all your users,
the 'enigma' plugin, which is shipped with this package, has to be
enabled in the Roundcube config. See the plugin's README for details.

Also read Alec's blogpost about the Enigma plugin and how it works [4].

Both encryption features are pretty new and not yet perfectly
documented. We'd much appreciate your feedback and your contribution
to the end-user documentation [5] or our wiki page [6].

IMPORTANT: with this version, we finally deprecate some old Roundcube
library functions [7]. Plugin developers, please test your plugins
thoroughly and look for deprecation warnings in the logs. These
function will be removed in the final 1.2.0 release and can therefore
render plugins dysfunctional.

See the full changelog on trac.roundcube.net [8] and download the new
packages from https://roundcube.net/download

Please note that this is a beta release and we recommend to test it on
a separate environment. And don't forget to backup your data before
installing it!

Enjoy and please share your experience either through our mailing
lists or as comments in the blog posts mentioned above.

Kind regards,
Thomas


[1] https://www.mailvelope.com
[2] https://www.mailvelope.com/en/help#watchlist
[3] 
https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encryption/
[4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
[5] http://trac.roundcube.net/wiki/Online_Help
[6] http://trac.roundcube.net/wiki/Dev_Encryption
[7] 
https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.php
[8] http://trac.roundcube.net/wiki/Changelog
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Updates 1.1.3 and 1.0.6 released

2015-09-18 Thread Thomas Bruederli 
Sorry y'all! Of course the subject should read "Updates 1.1.3 and
1.0.7 released".
See the announcement on our website:
https://roundcube.net/news/2015/09/14/updates-1.1.3-and-1.0.7-released/

Apologies for the confusion!

~Thomas


On Thu, Sep 17, 2015 at 10:02 PM, Thomas Bruederli <tho...@roundcube.net> wrote:
> Dear Roundcube users
>
> We recently published updates to both stable versions 1.0 and 1.1 after
> fixing many minor bugs and ensuring compatibility with upstream versions of
> 3rd party libraries used in Roundcube. Version 1.0.7 comes with
> cherry-picked fixes from the more recent version to ensure proper long term
> support.
>
> See the full changelog here: http://trac.roundcube.net/wiki/Changelog
>
> Both versions are considered stable and we recommend to update all
> productive installations of Roundcube with either of these versions.
> Download them from https://roundcube.net/download
>
> As usual, don't forget to backup your data before updating!
>
> Best,
> Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Updates 1.1.2 and 1.0.6 released

2015-06-06 Thread Thomas Bruederli 
Dear Roundcube users

We just published updates to both stable versions 1.0 and 1.1 after
fixing many minor bugs and adding some security improvements to the
1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from
the more recent version to ensure proper long term support especially
in regards of security and compatibility.

The security-related fixes in particular are:

 - XSS vulnerability in _mbox argument
 - security improvement in contact photo handling
 - potential info disclosure from temp directory

See the full changelog here: http://trac.roundcube.net/wiki/Changelog

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download

As usual, don't forget to backup your data before updating.

And there's one more thing:

Our crowdfunding campaign for Roundcube Next is still ongoing and has
just been updated with more details of what we want to achieve. We'd
much appreciate your support for this exciting new project. Please
visit https://roundcu.be/next and spread the word about it.
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Join us at the Kolab Summit in The Hague

2015-05-01 Thread Thomas Bruederli 
Dear Roundcube users and affiliates

The Roundcube development team gathers this weekend in The Hague at
the first Kolab Summit.
If you can make it there, we'd love to meet you in person and talk to
you about the future of Roundcube.

More information about the event and the location can be found here:
https://conference.kolab.org

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] is it possible to disable use_secure_urls for some pages?

2015-04-30 Thread Thomas Bruederli 
On Thu, Apr 30, 2015 at 8:52 AM, martijn.list martijn.l...@gmail.com wrote:
 Hi,

 Enabling use_secure_urls has some side effects which I'm looking at how
 to solve.

 For example, a user might have defined a bookmark to the RC login page
 (www.example.com/webmail/). This works find just as long as the user is
 not yet logged in. However if the user is already logged in and the user
 wants to check whether there is any new mail and therefore clicks the
 bookmark, an error page with Access to this service was denied due to
 failing security checks! is shown. The user should then click the
 click here to try again link which will redo the request but now with
 the correct token in the URL. Since the GET request is redone but now
 with the correct token added, to me it looks like checking the URL token
 for GET requests will not bring additional security because if the user
 clicks the click here to try again link, the request will be done anyway.

That's exactly the point: the user has to CLICK the link - human
interaction required.

The random hash in the webmail URL is supposed to protect from CSRF or
click-jacking attacks by making it harder for an attacker to guess the
URL for the actual actions on the webmail application with a possibly
active session. Roundcube already has proper protection for POST and
Ajax requests. The unique-per-session urls add the missing piece for
GET requests.

 Is it possible to disable the secure URL check for certain pages and/or
 requests? Perhaps with a plugin? or is it all or nothing?

No it isn't, it's literally all or nothing. But what certain pages
would you then like to exclude? Once you allow one, you loose
protection against click-jacking.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] is it possible to disable use_secure_urls for some pages?

2015-04-30 Thread Thomas Bruederli 
On Thu, Apr 30, 2015 at 12:05 PM, martijn.list martijn.l...@gmail.com wrote:
 On 04/30/2015 11:54 AM, Thomas Bruederli wrote:
 On Thu, Apr 30, 2015 at 8:52 AM, martijn.list martijn.l...@gmail.com wrote:
 [...]
 Since the GET request is redone but now
 with the correct token added, to me it looks like checking the URL token
 for GET requests will not bring additional security because if the user
 clicks the click here to try again link, the request will be done anyway.

 That's exactly the point: the user has to CLICK the link - human
 interaction required.

 I understand the concept although in practice I think most users would
 just click the link without understanding the implications.

That's actually fine or good enough respectively. We just have to
insist on human interaction here and could not facilitate this by
doing an automated redirect to the valid session url.

 Is it possible to disable the secure URL check for certain pages and/or
 requests? Perhaps with a plugin? or is it all or nothing?

 No it isn't, it's literally all or nothing. But what certain pages
 would you then like to exclude? Once you allow one, you loose
 protection against click-jacking.

 If the secure URLs are enabled, the user can no longer open the webmail
 page using a general bookmark if the user is already logged-in.

I agree and that certainly is a downside of this improved security measure.

 You
 might argue that if the user is already logged-in that the webmail is
 already open in some page but when you have a lot of open pages you
 might have forgotten that you already opened a page somewhere. If the
 user now clicks the bookmark, the failing security checks error message
 is shown. Is that a shop stopper? no but can be annoying for users who
 do not understand what it actually means.

For better understanding we recently changed the wording of the message into

For your protection, access to this resource is secured against CSRF.
If you see this, you probably didn't log out before leaving the web application.

Human interaction is now required to continue.

[Click here to resume your previous session]


This will probably help to educate the users by properly logging out
when leaving the webmail.

Of course we're open to suggestions how to further improve this.

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.1.1 released

2015-03-18 Thread Thomas Bruederli 
Dear Roundcube users

We're proud to announce the first service release to the stable
version 1.1 of Roundcube webmail. It contains
some important bug fixes and improvements in error handling as well as
a few new features and configuration options.

See the full Changelog here: http://trac.roundcube.net/wiki/Changelog

It's considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
http://roundcube.net/download.

And remember: backup before you update!

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Problem running the calendar sql-command

2015-03-17 Thread Thomas Bruederli 
On Tue, Mar 17, 2015 at 9:43 AM, T. Ermlich pelegr...@gmx.net wrote:
 Hello,

 some days ago I did a cleam installation of Roundcube, as offered I 
 downloaded version 1.1.0.
 Installation went well, Roundcube is working as intended.

 Yesterday I installed calendar-plugin, an run:
 mysql -u root -p roundcubemail  
 /var/lib/roundcube/plugins/calendar/drivers/database/SQL/mysql.initial.sql
 After typing the password I get:
 ERROR 1064 (42000) at line 26: You have an error in your SQL syntax; check 
 the manual that corresponds to your MariaDB server version for the right 
 syntax to use near 'tinyint(1) NOT NULL DEFAULT '0',
   `created` datetime NOT NULL DEFAULT '1000-01-' at line 7

Ooopsie, that's an error in the SQL schema. Fixed in
https://gitlab.com/kolab-roundcube-plugins/calendar/commit/125420074d136bb235ff1284ba05aaf65fc71628

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Problem running the calendar sql-command

2015-03-17 Thread Thomas Bruederli 
On Tue, Mar 17, 2015 at 10:31 AM, T. Ermlich pelegr...@gmx.net wrote:
 Plus I found some typos:
 It should be Kategorie, not Katgorie:
 plugins/calendar/localization/de_DE.inc:$labels['add_category'] = 'Katgorie 
 hinzufügen';
 plugins/calendar/localization/de_DE.inc:$labels['remove_category'] = 
 'Katgorie entfernen';
 plugins/calendar/localization/de_CH.inc:$labels['add_category'] = 'Katgorie 
 hinzufügen';
 plugins/calendar/localization/de_CH.inc:$labels['remove_category'] = 
 'Katgorie entfernen';


Fixed in https://www.transifex.com/projects/p/kolab/resource/calendar/
Will be added to a future release of the plugin.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Can't install Kolab plugins

2015-03-11 Thread Thomas Bruederli 
On Mon, Mar 9, 2015 at 12:49 PM, Thomas Bruederli tho...@roundcube.net wrote:
 Hi Russell

 It appears that gitorious.org has limited access to hosted git
 repositories. Checkout works with https:// but apparently not with
 git:// anymore. Maybe that's due to their announced change to Gitlab.

 I'll investigate and update the plugin repository accordingly. Stay tuned...

I have meanwhile updated the repository URLs in the plugin repository
and installation should work again. Please try again and report
problems if they persist.

Best,
Thomas


 On Mon, Mar 9, 2015 at 10:06 AM,  russ...@zeropointnetworks.com wrote:
 Hi

 I'm trying to install the Kolab calendar plugin using Composer, but getting
 the following error. I'm able to download other plugins (I've downloaded
 roundcube/carddav and johndoh/globaladdressbook). Is anyone able to help?
 I'm using Roundcube 1.0.5 from Bitnami.

 Loading composer repositories with package information
 Updating dependencies (including require-dev)
  - Installing kolab/libcalendaring (dev-master 55bbb2c)
  Cloning 55bbb2c063a57c130fd1d38ee47ef14c5b983f6a

  [RuntimeException]
  Failed to execute git clone --no-checkout
 'git://gitorious.org/kolab-roundcube-plugins/libcalendaring.git'
 '/opt/roundcube-1.0.5-0/apps
  /roundcube/htdocs/plugins/libcalendaring'  cd
 '/opt/roundcube-1.0.5-0/apps/roundcube/htdocs/plugins/libcalendaring'  git
 remote add
  composer 'git://gitorious.org/kolab-roundcube-plugins/libcalendaring.git'
  git fetch composer
  Cloning into
 '/opt/roundcube-1.0.5-0/apps/roundcube/htdocs/plugins/libcalendaring'...
  fatal: Could not read from remote repository.
  Please make sure you have the correct access rights
  and the repository exists.

 update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev]
 [--lock] [--no-plugins] [--no-custom-installers] [--no-autoloader]
 [--no-scripts] [--no-progress] [--with-dependencies] [-v|vv|vvv|--verbose]
 [-o|--optimize-autoloader] [--ignore-platform-reqs] [--prefer-stable]
 [--prefer-lowest] [packages1] ... [packagesN]

 Kind regards

 Russell Hurren
 Managing Director
 Zero Point Networks PTY LTD

 ___
 Roundcube Users mailing list
 users@lists.roundcube.net
 http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] After upgrading to 1.1.0 - plugin legacy_browser

2015-02-12 Thread Thomas Bruederli 
On Thu, Feb 12, 2015 at 12:39 PM, Noel Butler noel.but...@ausics.net wrote:
 I think dropping ie8 support is wrong

We can run in infinite circles about this topic as we can already see
how this thread grows. Roundcube just followed the decision of jQuery
- which I consider a significant player in today's web.

But anyway, we clearly indicated that Roundcube 1.1.x will no longer
support IE 8 in the announcements and it's *your* decision if you
want/can upgrade in regards of *your* userbase or not.

Finally, it's free software and therefore anybody is free to question
our decisions and bring back IE8 support in a forked version of what
we just released as 1.1.0.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Errors after upgrading to 1.1.0 - Class PEAR not found and Class Mail_mime not found

2015-02-11 Thread Thomas Bruederli 
On Wed, Feb 11, 2015 at 4:22 PM, deoren roundcube-us...@whyaskwhy.org wrote:
 Hi,

 Thanks in advance for reading this.

 ---

 Prior to upgrading to 1.1.0 my Roundcube 1.0.5 installation (Ubuntu 12.04
 LTS) worked just fine. When I went to run the bin/update.sh command like so:

   bin/update.sh --package roundcube --version=1.1 --dir=./SQL

 I received this error:

   PHP Fatal error:  Class 'PEAR' not found in
 /var/www/roundcubemail/program/lib/Roundcube/bootstrap.php on line 100

You obviously didn't install the complete package of the Roundcube release.

 I looked through all three guides and did not find mention of mime:

 * http://trac.roundcube.net/wiki/Howto_Install
 * http://trac.roundcube.net/wiki/Howto_Upgrade
 * http://trac.roundcube.net/wiki/Howto_Requirements

You're right, these documents require some update after the changes
that came with Roundcube 1.1.0.

 nor did I find instructions telling me to use PEAR to install any modules. I
 did see mention of Composer, but the guides above made no reference to it
 that I could find. On the getcomposer.org site I looked at the Using
 Composer section:

   https://getcomposer.org/doc/00-intro.md#using-composer

 which suggested running:

   php composer.phar install

 but I did not find a composer.phar file. I did find a composer.json-dist
 file, but no references to composer.json or composer.json-ist in the
 documentation (aside from some rewrite rules blocking direct access).

If your already looked at composer.org, you should also have come
across this page: https://getcomposer.org/download/

Please look into the INSTALL file within the Roundcube 1.1.0 package.
It explains the steps how to install the 3rd party libraries using
composer. I admit that this should be mentioned in the UGRADING
document as well. We'll fix the docs accordingly.

Thanks for reporting!

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] After upgrading to 1.1.0 - plugin legacy_browser

2015-02-11 Thread Thomas Bruederli 
On Wed, Feb 11, 2015 at 12:38 PM, Ivan Jurišić i...@jurisic.org wrote:
 Hello to all,

 I upgrade roundcube 1.0.3 to 1.1.0 and lost support for old internet
 browsers Internet explorer 8, but I find plugin legacy_browser with
 support to Internet explorer 8.

As you correctly figured out, we dropped support for IE8 in order to
move forward in technology, mainly because jQuery - which is an
important component of Roundcube - also dropped support for old
browsers.

We're doing our best to maintain the legacy_browser plugin but you
might understand that this doesn't have the highest priority for us.

 On first look all work perfect, except for users witch have in
 Settings-Mailbox View-Show preview pane set off.

 Problem is when trying double click on message , message is not open. On

If you find a defect and have concrete steps to reproduce it, please
file a bug ticket at http://trac.roundcube.net

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] smtp error

2015-02-10 Thread Thomas Bruederli 
On Tue, Feb 10, 2015 at 11:14 AM,  mo...@origamitechnologies.com wrote:
 Dear Sir,

 We have installed roundcube mail client on our server and it was working
 fine earlier.Now we can't send mail to other mail servers like
 gmail,yahoo,etc...

 While sending mail other than our mail server we are getting error message

 SMTP Error (550): Failed to add recipient arjunaju...@gmail.com (Please
 turn on SMTP Authentication in your mail client, or login to the IMAP/POP3
 server before sending your message. (email.origamitechnologies.com)
 [192.254.190.128]:41201 is not permitted to relay through this server
 without authentication.)

 How can we resolve this issue.Please help us to resolve this issue

Reading the error message already helps here: Please turn on SMTP
Authentication in your mail client

That means Roundcube needs to authenticate with username and password
(of the current user) before sending a message. From our How-To wiki
you can learn how to do that:
http://trac.roundcube.net/wiki/Howto_Config#SendingmessagesviaSMTP

In short:

  $config['smtp_user'] = '%u';
  $config['smtp_pass'] = '%p';

Cheers,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Roundcube Webmail 1.1.0 released

2015-02-09 Thread Thomas Bruederli 
Dear subscribers

We’re proud to announce the arrival of the next major version 1.1.0 of
Roundcube webmail which is now available for download. With this
milestone we introduce new features since version 1.0 as well as some
clean-up with the 3rd party libraries:

- Allow searching across multiple folders
- Improved support for screen readers and assistive technology using
WCAG 2.0 andWAI ARIA standards
- Update to TinyMCE 4.1 to support images in HTML signatures (copy  paste)
- Added namespace filter and folder searching in folder manager
- New config option to disable UI elements/actions
- Stronger password encryption using OpenSSL
- Support for the IMAP SPECIAL-USE extension
- Support for Oracle as database backend
- Manage 3rd party libs with Composer

In addition to that, we added some new features to improve protection
against possible but yet unknown CSRF attacks - thanks to the help of
Kolab Systems who supplied the concept and development resources for
this.

Although the new security features are yet experimental and disabled
by default, our wiki describes how to enable the Secure URLs [1] and
give it a try.

And of course, this new version also includes all patches for reported
CSRF and XSS vulnerabilities previously released in the 1.0.x series.

IMPORTANT: with the 1.1.x series, we drop support for PHP  5.3.7 and
Internet Explorer  9.
IE7/IE8 support can be restored by enabling the ‘legacy_browser’
plugin which is part of the default package.

See the complete changelog at http://trac.roundcube.net/wiki/Changelog
and download the new packages from http://roundcube.net/download.

The download packages come in two flavors: dependent, which requires
the manual installation of 3rd party libs using Composer and
complete, with all the required libraries already packed into the
vendor directory and ready to run.

Best,
Thomas

[1] http://trac.roundcube.net/wiki/Howto_Config/Secure_URLs
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] ldap address book

2015-01-20 Thread Thomas Bruederli 
On Tue, Jan 20, 2015 at 2:28 PM, Гаврилов Алексей gavri...@info74.ru wrote:
 Hello.

 Updating first
 tried to 0.8.6 - 0.9.5 (ubuntu repository)
 and 0.8.6 - 1.0.4
 manifests itself as a problem.
 When you create a new message. I'm trying to write the address of the ldap
 directory, but it is not substituted.
 Thus substituted addresses from your personal address book.

 I would like to build this functionality.
 Because it blocks the update.
 That I have set up wrong?

 My configuration file.

 ./config/config.inc.php

 ?php

 ...
 foreach($regions as $k=$v)
 {
   $config['ldap_public'][$k] = array(
   'name'  = $k,
   

I see that

'bind_dn'   = '',
'bind_pass' = '',

are missing. Does your LDAP server allow anonymous binding?

 ...
   array_push($config['autocomplete_addressbooks'], $k);

That's good.

Make sure that option isn't overwritten by any host-specific config.

 // --
 // LOGGING/DEBUGGING
 // --

 ...
 $config['ldap_debug'] = true;

Since you already have ldap debugging enabled, look at the logs and
see what LDAP queries are sent. That should give you some hints about
what's possibly going wrong in your setup.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Our Local Internet Service Provider WAS BANKRUPT !

2014-12-24 Thread Thomas Bruederli 
Hi

We're sorry but you wrote to the wrong people. Roundcube is just a
free software which your former hosting provider installed on their
servers. There's nothing we can do for you in this case.

Please stop spamming our mailing list with this request.

Best regards,
Thomas


On Wed, Dec 24, 2014 at 11:24 AM, ümit özkefeli uozkef...@gmail.com wrote:



 Dear Sir / Madam ;

 Our Local Service Provider WAS  BANKRUPT !
 WE CAN NOT USE OUR EMAIL!


 My company CNN ELEKTRONIK LTD. STI is TURKISH COMPANY in ANKARA / TURKEY and
 has been used roundcube for a long time using CNN-TRADE.COM web page and
 uozkef...@cnn-trade.com email address.

 Our local service provider which is SAFIR.NET was BANKRUPT and so we CAN NOT
 USE OUR EMAİL ADDRESS uozkef...@cnn-trade.com since 18th Thursday 2014.

 As you can see the below info that was taken from your web infos ; we have
 using cnn-trade.com DOMAIN NAME sine 2004.


 We can not get any contact with our local service provider SAFIR.NET neither
 from their personal phone nor their office phone numbers.
 There was no answer for our emalls and we can not use their web page that is
 SAFIRNET.NET


 WOULD YOU PLEASE LET ME USE OUR EMAIL ADDRESS uozkef...@cnn-trade.com .

 If you send me our DOMAIN NAME AND HOSTING CODES we can transfer our web
 page and email address to another service provider.

 First of all I need to use my email address uozkef...@cnn-trade.com
 urgently!
 PLEASE SUPPORT US.


 Best Regards.

 Umit OZKEFELI
 General Manager


 CNN ELEKTRONIK LTD. STI.

 Address:
 Mahmut Yesari Sokak.No: 8-2 CANKAYA
 ANKARA
 TURKEY

 Phone : + 90 312 4397565 ( direct )
 Phone : + 90 312 4422011
 Fax : + 90 312 4386572

 Cell : + 90 532 3138669

 Email  :uozkef...@cnn-trade.com




 · Whois Server Version 2.0

 ·

 · Domain names in the .com and .net domains can now be registered

 · with many different competing registrars. Go to
 http://www.internic.net

 · for detailed information.

 ·

 ·Domain Name: CNN-TRADE.COM

 ·Registrar: ONLINENIC, INC.

 ·Whois Server: whois.onlinenic.com

 ·Referral URL: http://www.OnlineNIC.com

 ·Name Server: NS1.SAFIRNET.NET

 ·Name Server: NS2.SAFIRNET.NET

 ·Status: clientDeleteProhibited

 ·Status: clientTransferProhibited

 ·Updated Date: 16-sep-2014

 ·Creation Date: 07-sep-2004

 ·Expiration Date: 07-sep-2016

 ·

 ·  Last update of whois database: Fri, 19 Dec 2014 07:37:24 GMT
 

 ·

 · NOTICE: The expiration date displayed in this record is the date
 the

 · registrar's sponsorship of the domain name registration in the
 registry is

 · currently set to expire. This date does not necessarily reflect
 the expiration

 · date of the domain name registrant's agreement with the sponsoring

 · registrar.  Users may consult the sponsoring registrar's Whois
 database to

 · view the registrar's reported date of expiration for this
 registration.

 ·

 · TERMS OF USE: You are not authorized to access or query our Whois

 · database through the use of electronic processes that are
 high-volume and

 · automated except as reasonably necessary to register domain names
 or

 · modify existing registrations; the Data in VeriSign Global
 Registry

 · Services' (VeriSign) Whois database is provided by VeriSign for

 · information purposes only, and to assist persons in obtaining
 information

 · about or related to a domain name registration record. VeriSign
 does not

 · guarantee its accuracy. By submitting a Whois query, you agree to
 abide

 · by the following terms of use: You agree that you may use this
 Data only

 · for lawful purposes and that under no circumstances will you use
 this Data

 · to: (1) allow, enable, or otherwise support the transmission of
 mass

 · unsolicited, commercial advertising or solicitations via e-mail,
 telephone,

 · or facsimile; or (2) enable high volume, automated, electronic
 processes

 · that apply to VeriSign (or its computer systems). The compilation,

 · repackaging, dissemination or other use of this Data is expressly

 · prohibited without the prior written consent of VeriSign. You
 agree not to

 · use electronic processes that are automated and high-volume to
 access or

 · query the Whois database except as reasonably necessary to
 register

 · domain names or modify existing registrations. VeriSign reserves
 the right

 · to restrict your access to the Whois database in its sole
 discretion to ensure

 · operational stability.  VeriSign may restrict or terminate your
 access to the

 · Whois database for failure to abide by these terms of use.
 VeriSign

 · reserves the right to modify these

[RCU] Update 1.0.4 released

2014-12-18 Thread Thomas Bruederli 
Dear Roundcube users

We're proud to announce the next service release to the stable version
1.0 of Roundcube webmail. It contains a security fix along with some
bug fixes and improvements  for the long term support branch of
Roundcube. The most important ones are:

* Security: Fix possible CSRF attacks to some address book operations
as well as to the ACL and Managesieve plugins.
* Fix attachments encoded in TNEF containers (from Outlook)
* Fix compatibility with PHP 5.2

See the full changelog here: http://trac.roundcube.net/wiki/Changelog

It's considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
http://roundcube.net/download.

And remember: backup before updating!

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Search in all folders?

2014-12-16 Thread Thomas Bruederli 
On Tue, Dec 16, 2014 at 3:20 PM, absolutely_f...@libero.it
absolutely_f...@libero.it wrote:
 Hi,
 is there a way to make a search in all webmail folders?

 I am using RC 1.0.3 and in dropdown list I can search on:

Cross-folder search will be part of Roundcube 1.1. You can already get
a sneak preview from the beta release.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Question about large emails account

2014-11-02 Thread Thomas Bruederli 
On Sun, Nov 2, 2014 at 1:25 PM, Jorge Bastos mysql.jo...@decimal.pt wrote:
 Is there a way to change this option for all existing users, like some text
 that I could change via SQL.

Have a look at bin/moduserprefs.sh:

$ bin/moduserprefs.sh --delete message_sort_col

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Different Skins for each user

2014-10-21 Thread Thomas Bruederli 
On Mon, Oct 20, 2014 at 5:40 PM, Vinicius Haas Masiero 
vinicius.masi...@gruposinos.com.br wrote:

  i tested the way which you appointed me, but in my case i need it works
 with 2 domains in a same hostname.

 i configure two conf files for my 2 domains, and appointed to them in my
 config.inc.php with the lines:

 $config['include_host_config'] = array(
   'sinos.com' = 'sinos.com.inc.php',
   'vinicius.net' = 'vinicius.net.inc.php'
 );


Make sure the keys match the host name users use to access the webmail.
Thus if users point their browser to http://webmail.sinos.com, the config
should be 'webmail.sinos.com' = 'sinos.com.inc.php'.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Not all mails shown for selected folder

2014-10-20 Thread Thomas Bruederli 
On Mon, Oct 20, 2014 at 1:31 PM, Sven Hartge s...@svenhartge.de wrote:
 Sven Hartge s...@svenhartge.de wrote:
 Sven Hartge s...@svenhartge.de wrote:

 Another data point: I spoke with a user who had this problem with
 Firefox and we found out the Plugin/Adware Browser Companion Helper
 was installed. After deactivating said plugin the problem went away and
 reenabling made the problem occur again.

 JFTR: Got another extension causing this problem, for both Firefix and
 Google Chrome: ICQ Toolbar.

 Another offender has been found: Norton Security Toolbar

 I wonder if anything can be done on the side of Roundcube to mitigate
 the impact of such extensions.

When I read the call stack correctly, the error raises from the call
to init in contextmenu.js:381 which is part of the 3rd party
contextmenu plugin. Please contact the author of that plugin directly
regarding this issue. From the Roundcube core side, I don't see
anything we could right now.

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Password change plugin not working

2014-10-15 Thread Thomas Bruederli 
On Wed, Oct 15, 2014 at 3:24 PM, FLORIDA BLUE BAY RESORT  SPA
sa...@floridabluebay.gr wrote:
 Can someone help on how I can set up our roundcube email in my iphone?

 Incoming and outgoing server?

Please read the green fat box on the top of http://roundcube.net/support/

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] spell checker

2014-10-14 Thread Thomas Bruederli 
Hello Robert

On Tue, Oct 14, 2014 at 5:13 AM, Robert Moskowitz r...@htt-consult.com wrote:
 I am installing roundcubemail on a Redsleeve6 server from the tarball:
 roundcubemail-1.0.3.tar.gz

 // Set the spell checking engine. Possible values:
 // - 'googie'  - the default
 // - 'pspell'  - requires the PHP Pspell module and aspell installed
 // - 'enchant' - requires the PHP Enchant module
 // - 'atd' - install your own After the Deadline server or check with
 the people at http://www.afterthedeadline.com before using their API
 // Since Google shut down their public spell checking service, you need to
 // connect to a Nox Spell Server when using 'googie' here. Therefore specify
 the 'spellcheck_uri'
 $config['spellcheck_engine'] = 'googie';

 And the install web page said that if you select google, then the mail is
 sent to google for spell checking?  But here in the config file, it implies
 that 'service' is no longer available and there is a spellcheck_uri, but I
 don't see the syntax for that in the config file.

That indeed is a bit misleading. Yes, Google shut down their service
some time ago and therefore we're now running our own service at
http://spell.roundcube.net which implements the same API. That's also
the default service to be used when setting
$config['spellcheck_engine'] = 'googie'; and leaving 'spellcheck_uri'
empty.

I just updated the comments in the default config file to clarify this.

 So where can I get instructions for the spell checking?  Or to just turn it
 off for now?  pspell and enchant do not seem to be options.

You can find some instrcutions here:
http://trac.roundcube.net/wiki/Howto_Config/Aspell

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Our Wish List for Encryption Browser Extensions

2014-10-11 Thread Thomas Bruederli 
Dear Roundcube devs and list lurkers

PGP encryption for Roundcube is a repeatedly popping up topic. Of
course we're also very much interested in providing a solid solution
for end-to-end encryption as a standard part of Roundcube. I therefore
tried to summarize the current situation in our wiki [1] and compiled
a few wishes to current and future encryption browser plugins - from a
webmail programmer's point of view of course:

  
http://roundcubeinbox.wordpress.com/2014/10/10/our-wish-list-for-encryption-browser-extensions/

I think the approach with a locally installed browser extension to do
the encryption part is the most sustainable at the moment. While
Mailvelope [2] already does a pretty good job, please also give your
attention to pEp [3] which adds some more simplicity and automation on
top of standard encryption methods like PGP and S/MIME. After a recent
meeting with the pEp developers, I'm really looking forward to see
this become available, eventually also as a browser extension. So
please support their crowd-funding campaign [4] and help them to make
encryption easy for everyone.

Kind regards,
Thomas

[1] http://trac.roundcube.net/wiki/Dev_Encryption
[2] https://www.mailvelope.com/
[3] http://pep-project.org/
[4] http://go.pep-project.org/
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Time for new HTML Editor

2014-10-11 Thread Thomas Bruederli 
On Sat, Sep 27, 2014 at 1:32 PM, Thomas Bruederli tho...@roundcube.net wrote:
 On Sat, Sep 27, 2014 at 1:15 PM, Cor Bosman c...@xs4all.nl wrote:
 I think CKeditor looks ok. And doing a quick test it does seem to jump out 
 of blockquote after a double enter.

 Thanks for the hint. And does CKeditor provide a similar feature set
 as TinyMCE? I guess downgrading the formatting abilities would cause
 another load of user support requests...

 FWIW: I just created a ticket for this issue:
 http://trac.roundcube.net/ticket/1490083

I just attached a patch with a possible modification of the TinyMCE
behavior when pressing Enter inside a blockquote element. It pretty
much copies the behavior of the CKeditor.

Please give it a try and give feedback.

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] debian jessie amd-64, roundcube 1.0.3, nginx, postfix, dovecot, mysql

2014-10-07 Thread Thomas Bruederli 
On Sat, Oct 4, 2014 at 11:06 AM, shm...@riseup.net shm...@riseup.net wrote:
 browser:
 connection to storage server failed

Here you have the reason stated ^^.

Please check the 'default_host' setting in your Roundcube config and
make sure the connection type (e.g. tls://), hostname and port are set
to whatever dovecot is running at.

Best,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Update 1.0.3 released

2014-09-29 Thread Thomas Bruederli 
Dear Roundcube users

We're proud to announce the next service release to the stable version
1.0 of Roundcube webmail. It contains some bug fixes and improvements
we considered important for the long term support branch of Roundcube.
See the full changelog here: http://trac.roundcube.net/wiki/Changelog

It's considered stable and we recommend to update all productive
installations of Roundcube with this version. Download it from
http://roundcube.net/download.

And remember: backup before updating!

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Time for new HTML Editor

2014-09-27 Thread Thomas Bruederli 
So please everybody calm down again!

Truly, a go-fix-it-yourself response is not what you wanted to hear
and I also understand your request is valid because based on real user
complaints. Personally, I don't write HTML emails and therefore it
doesn't bother me that much. And I didn't know Squirrelmail can do
HTML either.

However, writing a rich text editor is a project on its own and way
beyond our possibilities in terms of time and effort needed. But I'm
sure there are some other working editors out there which would solve
the problem and which are available under an open source license. We'd
therefore appreciate your contribution in the form of hints or
suggestions about possible replacements of the current TinyMCE editor.
Even if this is a users list.

And maybe there's even a simple TinyMCE plugin which can detect
Enter while in a blockquote element and then break the block level
as your users apparently would expect.

Roundcube is free software and grows from the collaboration and
contribution of people who care. Let's try to solve problems this way
instead of shouting at each others, shall we?

Kind regards,
Thomas



On Sat, Sep 27, 2014 at 12:14 PM, Nick Edwards nick.z.edwa...@gmail.com wrote:
 On 9/27/14, Nieścierowicz Adam adam.niescierow...@justnet.pl wrote:


 watch your mouth


 mind your own business , you dont get to play netcopper either, I
 placed a valid bug report, if a developer wants to say go fix it
 yourself, it should be archived for all to see so they can make a
 decision if RC is for them, you are most welcome to place a filter on
 me to not see my posts anytime you want



 W dniu 26.09.2014 18:01, Nick Edwards napisał(a):

 On 9/26/14, A.L.E.C a...@alec.pl wrote:
 On 09/26/2014 02:36 AM, Nick Edwards wrote: or do we need to go back to
 squirellmail? At ;least we could hit enter and it would break up the quote
 lines the way they should. I think this can be done smarter with TinyMCE
 plugin. I'm not interested in working on a new editor. Feel free to do
 this. In git-master most of HTML editor functionality is in one place, so
 you should have not many problems with creating a plugin that will replace
 the default editor. We'll provide more plugin API hooks if needed.

 so this list is not for admin users? this a developer list then by
 your assumption everyone here can code, please point me to the general
 users list where us non code mere mortal monkies can subscribe to, to
 make bug reports and sugestions without being told to go code it
 yourself

 the editor RC supplies is fucked, so it should be replaced, or fixed. by
 RC.


 ___
 Roundcube Users mailing list
 users@lists.roundcube.net
 http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Time for new HTML Editor

2014-09-27 Thread Thomas Bruederli 
On Sat, Sep 27, 2014 at 1:15 PM, Cor Bosman c...@xs4all.nl wrote:
 I think CKeditor looks ok. And doing a quick test it does seem to jump out of 
 blockquote after a double enter.

Thanks for the hint. And does CKeditor provide a similar feature set
as TinyMCE? I guess downgrading the formatting abilities would cause
another load of user support requests...

FWIW: I just created a ticket for this issue:
http://trac.roundcube.net/ticket/1490083

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Different Skins for each user

2014-09-23 Thread Thomas Bruederli 
On Tue, Sep 23, 2014 at 2:14 PM, Vinicius Haas Masiero
vinicius.masi...@gruposinos.com.br wrote:

 Good Morning guys!

 i work in a internet provider and my idea is to use one different skin for 
 each domain which i sign in my servers.

 for example: domain.com - skin1, domain1.com - skin2, etc

 there a existing plugin for this?

I guess you can do without a plugin but with per-domain configurations
for Roundcube. The only pre-requisite is that your users use different
hostnames for accessing their webmail (e.g. webmail.domain1.com,
webmail.domain2.com, etc.)

Roundcube supports defining different configuration files for each
domain and this is where you could set individual skins. See
http://trac.roundcube.net/wiki/Howto_Config/Multidomains for more
information.

Kind regards,
Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Resolved: Roundcube hangs on Sending/Saving

2014-09-10 Thread Thomas Bruederli 
On Wed, Sep 10, 2014 at 11:23 AM, Ed W li...@wildgooses.com wrote:
 Hi, I recently ran into a problem which I'm documenting here in the hope it
 saves others some time (possibly also RC devs could be aware and consider
 logging a warning)

 The symptoms are that roundcube mostly works, but hangs with a
 Saving/Sending message at the bottom of the screen if you try and save/send.
 The browser is frozen, in that you cannot click on other items on the
 page, and it's necessary to close the browser tab or do a full page reload
 to escape.

 The resolution was to remove security headers from my default nginx config:

 #add_header X-Frame-Options DENY;
 #add_header X-Content-Type-Options nosniff;

 I presume that the iframe option interferes with save/send process, hence
 why it breaks.  I think it's not unreasonable, however, just documenting the
 problem here since it's a common option shown as a good default for a
 tightly secured webserver setup.

Thanks for sharing this. There's some basic documentation about
webserver config in our wiki:
http://trac.roundcube.net/wiki/Howto_Config/Webservers Feel free to
update that page.

FWIW: Roundcube itself sets the X-Frame-Options headers according to
config: 
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L395

~Thomas
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

  1   2   3   >