Control Web Panel

WebPanel => Updates => Topic started by: cyberspace on June 19, 2025, 10:39:18 AM

Title: Roundcube vulnerability
Post by: cyberspace on June 19, 2025, 10:39:18 AM
A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The affected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x, therefore it is highly recommended to update Roundcube.

Instructions on how to update Roundcube to 1.5.11:

Code:
cd /usr/local/cwpsrv/var/services
cp -R roundcube roundcube_backup
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz
tar -xvzf roundcubemail-1.5.11-complete.tar.gz
cd roundcubemail-1.5.11
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube
cd ..
chown -R cwpsvc:cwpsvc roundcube
rm -rf roundcubemail-1.5.11*

Please note you do it at your own risk.
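
A check to run before and after the update steps in this post, as an added example that is not part of the original post: it reads the installed version from the `RCMAIL_VERSION` define in Roundcube's `program/include/iniset.php` and compares it with the affected ranges listed above. The function names, the `RC_DIR` variable and the sed pattern are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): report whether an installed Roundcube
# falls in the ranges the post lists for CVE-2025-49113.
# Assumption: RC_DIR defaults to the CWP Roundcube path used in the post.
RC_DIR="${RC_DIR:-/usr/local/cwpsrv/var/services/roundcube}"

# rc_version DIR: print the version string of a Roundcube tree, e.g. "1.4.15".
rc_version() {
    sed -n "s/.*define('RCMAIL_VERSION', *'\([^']*\)').*/\1/p" \
        "$1/program/include/iniset.php" 2>/dev/null | head -n 1
}

# version_lt A B: succeed when A is lower than B (numeric, dot-separated).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# rc_is_affected VERSION: succeed when VERSION is before 1.5.10,
# or is a 1.6.x release before 1.6.11.
rc_is_affected() {
    v=${1%%-*}                  # drop suffixes such as "-rc" or "-git"
    case "$v" in
        1.6|1.6.*) version_lt "$v" 1.6.11 ;;
        *)         version_lt "$v" 1.5.10 ;;
    esac
}

# rc_report DIR: print "affected X", "patched X" or "unknown".
rc_report() {
    ver=$(rc_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif rc_is_affected "$ver"; then
        echo "affected $ver"
    else
        echo "patched $ver"
    fi
}

rc_report "$RC_DIR"
```

Running it against `roundcube_backup` as well (`RC_DIR=/usr/local/cwpsrv/var/services/roundcube_backup`) shows which version the backup copy holds if a rollback is needed.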
Title: Re: Roundcube vulnerability
Post by: overseer on June 19, 2025, 01:52:55 PM
Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35
Title: Re: Roundcube vulnerability
Post by: anandmys on June 21, 2025, 06:27:45 AM
Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35

Worked perfectly on AL 8.10 installation

Used the "Centos 8 stream/EL8" instructions
Title: Re: Roundcube vulnerability
Post by: anandmys on June 21, 2025, 06:29:00 AM
A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The affected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x, therefore it is highly recommended to update Roundcube.

Instructions on how to update Roundcube to 1.5.11:

Code:
cd /usr/local/cwpsrv/var/services
cp -R roundcube roundcube_backup
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz
tar -xvzf roundcubemail-1.5.11-complete.tar.gz
cd roundcubemail-1.5.11
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube
cd ..
chown -R cwpsvc:cwpsvc roundcube
rm -rf roundcubemail-1.5.11*

Please note you do it at your own risk.

Got a server error in Roundcube after following the instructions. Maybe some step is missing.
Title: Re: Roundcube vulnerability
Post by: cyberspace on June 21, 2025, 08:43:55 AM
What error did you get?
Title: Re: Roundcube vulnerability
Post by: Starburst on June 21, 2025, 07:55:56 PM
There are several steps missing @anandmys

I'll create a new KB article; the one we have online is for 1.5.9:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-mail-version-1-5-9-in-cwp-on-almalinux-8-9/
Title: Re: Roundcube vulnerability
Post by: Starburst on June 22, 2025, 04:34:56 AM
Here is the updated guide to update Roundcube to version 1.5.11:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/