[Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16

Timotheus Pokorra timotheus at kolab.org
Fri May 27 10:24:15 CEST 2016


an XSS vulnerability has been reported, and fixed in roundcube.
see http://seclists.org/oss-sec/2016/q2/414
and https://github.com/roundcube/roundcubemail/issues/5240

I have applied this fix to Kolab 3.4 Updates:

I also prepared an update for Kolab 16:
(I had to do the branch and submit request from the command line,
because today the SSL certificate for obs.kolabsys.com expired, which
breaks the login through the browser interface).

I do have commit permissions for Kolab 3.4, but I don't have commit
permissions for Kolab 16.

Jeroen, can you please review the submit request and apply it to
roundcube in Kolab 16?
Alternatively, or additionally, can I please have commit permissions
for Kolab 16?

Now that the community and the enterprise version have been merged, we
still need a way to provide security updates for the community.


More information about the devel mailing list