Recent Posts
1
Other / Re: Goodbye CWP — I’m done for good
« Last post by Starburst on Today at 06:36:26 PM »I don't understand the point of these "suicide note" posts. Fine, make a choice, do it.
Because haters are gonna hate.
You look at the post history, and that's all they have posted since post 1.
Bashing CWP in one way or another, and all saying it's a 'dead project'.
2
Updates / Re: Roundcube vulnerability
« Last post by cyberspace on Today at 03:10:42 PM »Update to the script listed here:
http://forum.centos-webpanel.com/updates/roundcube-vulnerability/msg53064/#msg53064
Changelog:
Added the option to enable/disable email notifications
http://forum.centos-webpanel.com/updates/roundcube-vulnerability/msg53064/#msg53064
Changelog:
Added the option to enable/disable email notifications
Code: [Select]
ENABLE_NOTIFICATIONS=true # true/false to enable/disable notificationsThanks @overseer for the ideaCode: [Select]
#!/usr/bin/env bash
####################################################################################
# #
# The MIT License (MIT) #
# #
# Copyright (c) 2026 BeinHost.com #
# #
# Permission is hereby granted, free of charge, to any person obtaining a copy #
# of this software and associated documentation files (the "Software"), to deal #
# in the Software without restriction, including without limitation the rights #
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell #
# copies of the Software, and to permit persons to whom the Software is #
# furnished to do so, subject to the following conditions: #
# #
# The above copyright notice and this permission notice shall be included in all #
# copies or substantial portions of the Software. #
# #
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR #
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, #
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE #
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER #
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, #
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE #
# SOFTWARE. #
# #
####################################################################################
########################################
# CONFIG
########################################
BASE_DIR="/usr/local/cwpsrv/var/services"
INSTALL_DIR="$BASE_DIR/roundcube"
PAGE_URL="https://roundcube.net/download/"
OWNER="cwpsvc:cwpsvc"
EMAIL="address@domain.com" # set your email address here
ENABLE_NOTIFICATIONS=true # true/false to enable/disable notifications
SUBJECT_PREFIX="[Roundcube Updater]"
cd "$BASE_DIR"
########################################
# Send notofication
########################################
send_email() {
if [ "$ENABLE_NOTIFICATIONS" = true ]; then
local subject="$1"
local body="$2"
# use mail command
echo -e "$body" | mail -s "$SUBJECT_PREFIX $subject" "$EMAIL"
fi
}
########################################
# Detect installed version
########################################
INI_FILE="$INSTALL_DIR/program/include/iniset.php"
if [[ ! -f "$INI_FILE" ]]; then
echo "Cannot detect installed version (iniset.php missing)."
exit 2
fi
installed_version=$(grep -oE "RCMAIL_VERSION',[[:space:]]*'[^']+'" \
"$INI_FILE" | sed -E "s/.*'([^']+)'.*/\1/")
installed_version=$(echo "$installed_version" | tr -d '\r\n[:space:]')
echo "Installed version: $installed_version"
########################################
# Detect latest LTS version + checksum
########################################
lts_block=$(curl -fsSL "$PAGE_URL" \
| awk '/<h2 id="lts">/,/<\/table>/')
download_url=$(echo "$lts_block" \
| grep -oE 'https://[^"]+-complete\.tar\.gz' \
| head -n1)
latest_version=$(echo "$download_url" \
| sed -E 's/.*roundcubemail-([0-9]+\.[0-9]+\.[0-9]+)-complete\.tar\.gz/\1/')
latest_version=$(echo "$latest_version" | tr -d '\r\n[:space:]')
sha256_expected=$(echo "$lts_block" \
| grep -oE '[a-f0-9]{64}' \
| head -n1)
if [[ -z "$download_url" || -z "$latest_version" || -z "$sha256_expected" ]]; then
echo "Failed to detect latest LTS release."
send_email "Update failed" "Server: `hostname`\nFailed to detect latest LTS release.\nTime: $(date)"
exit 3
fi
########################################
# Compare versions
########################################
version_gt() {
[ "$1" = "$2" ] && return 1
local IFS=.
local i ver1=($1) ver2=($2)
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); do ver1[i]=0; done
for ((i=${#ver2[@]}; i<${#ver1[@]}; i++)); do ver2[i]=0; done
for ((i=0; i<${#ver1[@]}; i++)); do
if ((10#${ver1[i]} > 10#${ver2[i]})); then return 0; fi
if ((10#${ver1[i]} < 10#${ver2[i]})); then return 1; fi
done
return 1
}
#echo "Installed: [$installed_version]"
#echo "Latest: [$latest_version]"
if version_gt "$latest_version" "$installed_version"; then
echo "Update available."
send_email "Update successful" "Server: `hostname`\nStatus: Roundcube updated successfully!\nPrevious version: $installed_version\nNew version: $latest_version\nBackup directory: $backup_dir\nTime: $(date)"
elif version_gt "$installed_version" "$latest_version"; then
echo "Installed version is newer than LTS."
send_email "Installed version newer than LTS" "Server: `hostname`\nStatus: Installed Roundcube version ($installed_version) is newer than latest LTS ($latest_version).\nNo update performed.\nTime: $(date)"
else
echo "Latest LTS version:" "$latest_version"
echo "Already up to date."
send_email "No update needed" "Server: `hostname`\nStatus: Roundcube is already up to date.\nInstalled version: $installed_version\nLatest LTS: $latest_version\nTime: $(date)"
exit 0
fi
########################################
# Backup current installation
########################################
backup_dir="roundcube_backup_v${installed_version}_$(date +%F_%H%M%S)"
echo "Creating backup: $backup_dir"
cp -a roundcube "$backup_dir"
########################################
# Download release
########################################
filename=$(basename "$download_url")
echo "Downloading $filename"
curl -fL -o "$filename" "$download_url"
########################################
# Verify SHA256
########################################
echo "Verifying checksum..."
sha256_actual=$(sha256sum "$filename" | awk '{print $1}')
if [[ "$sha256_actual" != "$sha256_expected" ]]; then
echo "Checksum verification FAILED!"
rm -f "$filename"
send_email "Server: `hostname`\nUpdate FAILED" "Status: Roundcube update failed!\nInstalled version: $installed_version\nLatest version: $latest_version\nBackup: $backup_dir\nReason: SHA256 mismatch or extraction failure\nTime: $(date)"
exit 4
fi
echo "Checksum OK."
########################################
# Extract + Install
########################################
echo "Extracting..."
tar -xzf "$filename"
src_dir="roundcubemail-$latest_version"
if [[ ! -d "$src_dir" ]]; then
echo "Extraction failed. Directory $src_dir not found."
exit 5
fi
echo "Running install script..."
yes | "$src_dir/bin/installto.sh" "$INSTALL_DIR"
########################################
# Fix permissions
########################################
chown -R "$OWNER" roundcube
########################################
# Cleanup
########################################
rm -rf "$src_dir" "$filename"
echo "Update completed successfully!"
echo "Now running version: $latest_version"
send_email "Update successful.\nStatus: Roundcube updated: $installed_version -> $latest_version\nBackup: $backup_dir"3
Other / Re: Goodbye CWP — I’m done for good
« Last post by overseer on Today at 01:25:19 PM »I don't understand the point of these "suicide note" posts. Fine, make a choice, do it.
4
Updates / Re: Roundcube vulnerability
« Last post by cyberspace on Today at 10:41:34 AM »I just set the permissions on the script like:
I should probably have written these instructions in my previous message.
Code: [Select]
chown admin:admin /script/update_roundcube.sh # replace "admin:admin" with your admin username and group.
chmod 700 /script/update_roundcube.sh
so no one except "admin" would be allowed to run the script.I should probably have written these instructions in my previous message.
5
Information / Re: Getting a [!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found
« Last post by cgauthey on Today at 07:16:02 AM »I received the exact same alert; it seems to be a false positive according to CWP support. There's nothing to worry about; they'll release an update to correct this notification, they told me.
6
Other / Re: Goodbye CWP — I’m done for good
« Last post by matrix4495 on Today at 06:22:42 AM »QuoteOkay, goodbye. We'll miss your contribution here.I'm all for ending the AI-composed echo chamber. You're making your choice, I've made mine. I'm sticking with CWP for the foreseeable future. Hope your new panel serves you well!
Yea, I used AI to refine my wording intentionally, so I don't use the words or adjectives I actually think for some people hijacking this form to get adrenaline rush and I don’t waste time on petty phrasing debates.QuoteOkay, goodbye. We'll miss your contribution here.I'm all for ending the AI-composed echo chamber. You're making your choice, I've made mine. I'm sticking with CWP for the foreseeable future. Hope your new panel serves you well!
What’s interesting is that instead of addressing the real observations points (changelog, CVE timelines, roadmap, support expectations), the reply is about “AI echo chambers.”
That tells me everything I need to know, for me and specially for you fan boy...
We clearly operate at different standards where I am not blinded by the cheerleading and knee jerk defence of CWP or any other forum you spend your time on; it's time to grow up and take real decisions. I’ve moved on, and I’m not spending more time in circles.
For AI, yea I use it heavily to write and integrate it into my projects.
FYI, I still used AI to omit the words I actually i meant...
Good luck, you’ll need it the day...
Logging out for good... JS
7
Other / Re: Goodbye CWP — I’m done for good
« Last post by overseer on Today at 03:37:21 AM »Quote
Okay, goodbye. We'll miss your contribution here.I'm all for ending the AI-composed echo chamber. You're making your choice, I've made mine. I'm sticking with CWP for the foreseeable future. Hope your new panel serves you well!
8
Information / Re: Getting a [!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found
« Last post by overseer on Today at 03:30:37 AM »Save the panic attacks by silencing notifications! Create /etc/cron.daily/notifications_zero and it will run after the daily CWP scripts and empty out your notifications.
Code: [Select]
#!/bin/sh
echo '[]' > /usr/local/cwpsrv/htdocs/resources/admin/include/libs/notifications/notifications.json9
Updates / Re: Roundcube vulnerability
« Last post by overseer on Today at 12:07:32 AM »Thanks for that! I've added it into my daily cron routines.
One thing I do is add an authentication hook at the beginning of privileged scripts, in case it is run interactively:
One thing I do is add an authentication hook at the beginning of privileged scripts, in case it is run interactively:
Code: [Select]
# Authentication
sudo -p "Please authenticate (admin password): " printf "" || {
echo "Abort: could not authenticate" >&2
exit 1
}And then close out the script withCode: [Select]
sudo -kto remove cached credentials.10
Updates / Re: Roundcube vulnerability
« Last post by cyberspace on February 21, 2026, 10:40:13 PM »Hi guys,
I've developed a script to update Roundcube for CWP to the latest LTS version.
What does the script do ?
1. I parses the page:
https://roundcube.net/download/
to identify the latest LTS version of Roundcub and URL to .tag.gz file.
2. Compares the versions (installed and available at the website)
3. If the installed version is older than available then:
3a. Makes backup of the currently installed Roundcube
3b. Downloads the .tar.gz file from the website
3c. Checks the checksum to make sure the downloaded file isn't corrupted
3d. Updates Roundcube
3e. Sends a notification to the user (address is specified in the script)
If the versions are the same or installed version is never then just sends an simple notification like "no update needed".
I tested the script some time and it worked fine for me. However, please note, you use the script on your own risk (MIT License) )
I've developed a script to update Roundcube for CWP to the latest LTS version.
What does the script do ?
1. I parses the page:
https://roundcube.net/download/
to identify the latest LTS version of Roundcub and URL to .tag.gz file.
2. Compares the versions (installed and available at the website)
3. If the installed version is older than available then:
3a. Makes backup of the currently installed Roundcube
3b. Downloads the .tar.gz file from the website
3c. Checks the checksum to make sure the downloaded file isn't corrupted
3d. Updates Roundcube
3e. Sends a notification to the user (address is specified in the script)
If the versions are the same or installed version is never then just sends an simple notification like "no update needed".
Code: [Select]
#!/usr/bin/env bash
####################################################################################
# #
# The MIT License (MIT) #
# #
# Copyright (c) 2026 BeinHost.com #
# #
# Permission is hereby granted, free of charge, to any person obtaining a copy #
# of this software and associated documentation files (the "Software"), to deal #
# in the Software without restriction, including without limitation the rights #
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell #
# copies of the Software, and to permit persons to whom the Software is #
# furnished to do so, subject to the following conditions: #
# #
# The above copyright notice and this permission notice shall be included in all #
# copies or substantial portions of the Software. #
# #
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR #
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, #
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE #
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER #
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, #
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE #
# SOFTWARE. #
# #
####################################################################################
########################################
# CONFIG
########################################
BASE_DIR="/usr/local/cwpsrv/var/services"
INSTALL_DIR="$BASE_DIR/roundcube"
PAGE_URL="https://roundcube.net/download/"
OWNER="cwpsvc:cwpsvc"
EMAIL="support@beinhost.com"
SUBJECT_PREFIX="[Roundcube Updater]"
cd "$BASE_DIR"
########################################
# Send notofication
########################################
send_email() {
local subject="$1"
local body="$2"
# use mail command
echo -e "$body" | mail -s "$SUBJECT_PREFIX $subject" "$EMAIL"
}
########################################
# Detect installed version
########################################
INI_FILE="$INSTALL_DIR/program/include/iniset.php"
if [[ ! -f "$INI_FILE" ]]; then
echo "Cannot detect installed version (iniset.php missing)."
exit 2
fi
installed_version=$(grep -oE "RCMAIL_VERSION',[[:space:]]*'[^']+'" \
"$INI_FILE" | sed -E "s/.*'([^']+)'.*/\1/")
installed_version=$(echo "$installed_version" | tr -d '\r\n[:space:]')
echo "Installed version: $installed_version"
########################################
# Detect latest LTS version + checksum
########################################
lts_block=$(curl -fsSL "$PAGE_URL" \
| awk '/<h2 id="lts">/,/<\/table>/')
download_url=$(echo "$lts_block" \
| grep -oE 'https://[^"]+-complete\.tar\.gz' \
| head -n1)
latest_version=$(echo "$download_url" \
| sed -E 's/.*roundcubemail-([0-9]+\.[0-9]+\.[0-9]+)-complete\.tar\.gz/\1/')
latest_version=$(echo "$latest_version" | tr -d '\r\n[:space:]')
sha256_expected=$(echo "$lts_block" \
| grep -oE '[a-f0-9]{64}' \
| head -n1)
if [[ -z "$download_url" || -z "$latest_version" || -z "$sha256_expected" ]]; then
echo "Failed to detect latest LTS release."
send_email "Update failed" "Server: `hostname`\nFailed to detect latest LTS release.\nTime: $(date)"
exit 3
fi
########################################
# Compare versions
########################################
version_gt() {
[ "$1" = "$2" ] && return 1
local IFS=.
local i ver1=($1) ver2=($2)
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); do ver1[i]=0; done
for ((i=${#ver2[@]}; i<${#ver1[@]}; i++)); do ver2[i]=0; done
for ((i=0; i<${#ver1[@]}; i++)); do
if ((10#${ver1[i]} > 10#${ver2[i]})); then return 0; fi
if ((10#${ver1[i]} < 10#${ver2[i]})); then return 1; fi
done
return 1
}
#echo "Installed: [$installed_version]"
#echo "Latest: [$latest_version]"
if version_gt "$latest_version" "$installed_version"; then
echo "Update available."
send_email "Update successful" "Server: `hostname`\nStatus: Roundcube updated successfully!\nPrevious version: $installed_version\nNew version: $latest_version\nBackup directory: $backup_dir\nTime: $(date)"
elif version_gt "$installed_version" "$latest_version"; then
echo "Installed version is newer than LTS."
send_email "Installed version newer than LTS" "Server: `hostname`\nStatus: Installed Roundcube version ($installed_version) is newer than latest LTS ($latest_version).\nNo update performed.\nTime: $(date)"
else
echo "Latest LTS version:" "$latest_version"
echo "Already up to date."
send_email "No update needed" "Server: `hostname`\nStatus: Roundcube is already up to date.\nInstalled version: $installed_version\nLatest LTS: $latest_version\nTime: $(date)"
exit 0
fi
########################################
# Backup current installation
########################################
backup_dir="roundcube_backup_v${installed_version}_$(date +%F_%H%M%S)"
echo "Creating backup: $backup_dir"
cp -a roundcube "$backup_dir"
########################################
# Download release
########################################
filename=$(basename "$download_url")
echo "Downloading $filename"
curl -fL -o "$filename" "$download_url"
########################################
# Verify SHA256
########################################
echo "Verifying checksum..."
sha256_actual=$(sha256sum "$filename" | awk '{print $1}')
if [[ "$sha256_actual" != "$sha256_expected" ]]; then
echo "Checksum verification FAILED!"
rm -f "$filename"
send_email "Server: `hostname`\nUpdate FAILED" "Status: Roundcube update failed!\nInstalled version: $installed_version\nLatest version: $latest_version\nBackup: $backup_dir\nReason: SHA256 mismatch or extraction failure\nTime: $(date)"
exit 4
fi
echo "Checksum OK."
########################################
# Extract + Install
########################################
echo "Extracting..."
tar -xzf "$filename"
src_dir="roundcubemail-$latest_version"
if [[ ! -d "$src_dir" ]]; then
echo "Extraction failed. Directory $src_dir not found."
exit 5
fi
echo "Running install script..."
yes | "$src_dir/bin/installto.sh" "$INSTALL_DIR"
########################################
# Fix permissions
########################################
chown -R "$OWNER" roundcube
########################################
# Cleanup
########################################
rm -rf "$src_dir" "$filename"
echo "Update completed successfully!"
echo "Now running version: $latest_version"
send_email "Update successful.\nStatus: Roundcube updated: $installed_version -> $latest_version\nBackup: $backup_dir"
I tested the script some time and it worked fine for me. However, please note, you use the script on your own risk (MIT License) )
