Fedora Linux 8640 Published by

A roundcubemail security update has been released for Fedora 37.

[SECURITY] Fedora 37 Update: roundcubemail-1.6.3-1.fc37

Fedora Update Notification
2023-09-24 03:11:30.835578

Name : roundcubemail
Product : Fedora 37
Version : 1.6.3
Release : 1.fc37
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

Update Information:

**Release 1.6.3** - Fix bug where installto.sh/update.sh scripts were removing
some essential options from the config file (#9051) - Update jQuery-UI to
version 1.13.2 (#9041) - Fix regression that broke use_secure_urls feature
(#9052) - Fix potential PHP fatal error when opening a message with
message/rfc822 part (#8953) - Fix bug where a duplicate `` tag in HTML
email could cause some parts being cut off (#9029) - Fix bug where a list of
folders could have been sorted incorrectly (#9057) - Fix regression where LDAP
addressbook 'filter' option was ignored (#9061) - Fix wrong order of a multi-
folder search result when sorting by size (#9065) - Fix so install/update
scripts do not require PEAR (#9037) - Fix regression where some mail parts could
have been decoded incorrectly, or not at all (#9096) - Fix handling of an error
case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097) - Fix PHP8
deprecation warning in the reconnect plugin (#9083) - Fix "Show source" on
mobile with x_frame_options = deny (#9084) - Fix various PHP warnings (#9098) -
Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060) -
Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain
text messages

* Fri Sep 15 2023 Remi Collet [remi@remirepo.net] - 1.6.3-1
- update to 1.6.3

[ 1 ] Bug #2239447 - roundcubemail: XSS vulnerability in handling of linkrefs in plain text messages

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-be9d60ef35' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at