[Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16
Timotheus Pokorra
timotheus at kolab.org
Fri May 27 10:24:15 CEST 2016
Hello,
an XSS vulnerability has been reported, and fixed in roundcube.
see http://seclists.org/oss-sec/2016/q2/414
and https://github.com/roundcube/roundcubemail/issues/5240
I have applied this fix to Kolab 3.4 Updates:
https://obs.kolabsys.com/package/show/Kolab:3.4:Updates/roundcubemail
I also prepared an update for Kolab 16:
https://obs.kolabsys.com/request/show/1646
(I had to do the branch and submit request from the command line,
because today the SSL certificate for obs.kolabsys.com expired, which
breaks the login through the browser interface).
I do have commit permissions for Kolab 3.4, but I don't have commit
permissions for Kolab 16.
Jeroen, can you please review the submit request and apply it to
roundcube in Kolab 16?
Alternatively, or additionally, can I please have commit permissions
for Kolab 16?
Now that the community and the enterprise version have been merged, we
still need a way to provide security updates for the community.
Thanks,
Timotheus
More information about the devel
mailing list