Control Web Panel

WebPanel => E-Mail => Topic started by: adixyo on October 31, 2023, 08:09:20 PM

Title: roundcube CVE-2023-5631
Post by: adixyo on October 31, 2023, 08:09:20 PM

CVE-2023-5631 - https://nvd.nist.gov/vuln/detail/CVE-2023-5631

Is an update planned?
Manual update fail, bad php version etc. Does anyone have version 1.4.15 of Roundcube?

Title: Re: roundcube CVE-2023-5631
Post by: tomkolp on November 05, 2023, 07:52:59 PM

Roundcubemail has long been unsupported in cwp.  Now this is a security risk.  Each of my domains allows access to rouncubemail via the /webmail suffix. 

How will it turn off along with the whole roundube? 

Have you tried installing version 1.5.6?  I haven't tried it yet, but the 1.5.x series works for me, the php problem is from 1.6.x.

Edit:
I followed this guide, just change the version from 1.5.4 to 1.5.6 everywhere and it works:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-154-%E2%80%93-control-web-panel/

Title: Re: roundcube CVE-2023-5631
Post by: overseer on November 06, 2023, 03:55:52 PM

As far as I know, Sandeep's post there is the last semi-official word on roundcube under CWP. So that's where I have things -- 1.5.6.