Author Topic: Roundcube vulnerability (Read 1057 times)

cyberspace · « **on:** June 19, 2025, 10:39:18 AM »

A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The effected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x therefore it is highly recommended to update Roundcube

Instructions how to update Roundcube to 1.5.11:

Code: [Select]

cd /usr/local/cwpsrv/var/services
cp -R roundcube roundcube_backup
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz
tar -xvzf roundcubemail-1.5.11-complete.tar.gz
cd roundcubemail-1.5.11
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube
cd ..
chown -R cwpsvc:cwpsvc roundcube
rm -rf roundcubemail-1.5.11*

Please note you do it on your own risk.

overseer · « **Reply #1 on:** June 19, 2025, 01:52:55 PM »

Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35

anandmys · « **Reply #2 on:** June 21, 2025, 06:27:45 AM »

Quote from: overseer on June 19, 2025, 01:52:55 PM

Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35

Worked perfectly on AL 8.10 installation

Used the "Centos 8 stream/EL8" instructions

anandmys · « **Reply #3 on:** June 21, 2025, 06:29:00 AM »

Quote from: cyberspace on June 19, 2025, 10:39:18 AM

A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The effected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x therefore it is highly recommended to update Roundcube

Instructions how to update Roundcube to 1.5.11:

Code: [Select]
cd /usr/local/cwpsrv/var/services cp -R roundcube roundcube_backup wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz tar -xvzf roundcubemail-1.5.11-complete.tar.gz cd roundcubemail-1.5.11 bin/installto.sh /usr/local/cwpsrv/var/services/roundcube cd .. chown -R cwpsvc:cwpsvc roundcube rm -rf roundcubemail-1.5.11*
Please note you do it on your own risk.

Got server error in roundcube after following the instructions. Maybe some step is missing.

cyberspace · « **Reply #4 on:** June 21, 2025, 08:43:55 AM »

What error did you get ?

Starburst · « **Reply #5 on:** June 21, 2025, 07:55:56 PM »

There are several steps missing @anandmys

I'll create a new KB article, the one we have online is for 1.5.9
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-mail-version-1-5-9-in-cwp-on-almalinux-8-9/

Starburst · « **Reply #6 on:** June 22, 2025, 04:34:56 AM »

Here is the updated guide to update Roundcube to version 1.5.11:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/

grusu · « **Reply #7 on:** July 30, 2025, 07:31:51 AM »

Hi,

For CentOS Stream 8 what is the correct way to update?

Thanks,
Geo

overseer · « **Reply #8 on:** July 30, 2025, 10:54:28 AM »

Follow the steps for EL8 distributions here:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/

bradleygb · « **Reply #9 on:** August 26, 2025, 11:59:00 AM »

Quote from: Starburst on June 21, 2025, 07:55:56 PM

There are several steps missing @anandmys

I'll create a new KB article, the one we have online is for 1.5.9
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-mail-version-1-5-9-in-cwp-on-almalinux-8-9/

I still get Server error! (Internal Server Error)

Martins-phpbb · « **Reply #10 on:** August 26, 2025, 12:23:14 PM »

Quote from: Starburst on June 22, 2025, 04:34:56 AM

Here is the updated guide to update Roundcube to version 1.5.11:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/

Works like a charm buddy

alm 9

matrix4495 · « **Reply #11 on:** August 26, 2025, 02:19:15 PM »

Quote from: Starburst on June 22, 2025, 04:34:56 AM

Here is the updated guide to update Roundcube to version 1.5.11:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/

Worked with Rocky 8

Starburst · « **Reply #12 on:** August 27, 2025, 12:03:05 AM »

Quote from: grusu on July 30, 2025, 07:31:51 AM

Hi,

For CentOS Stream 8 what is the correct way to update?

Thanks,
Geo

Alpha OS'es aren't recommended for Production use.

You should switch over to AlmaLinux 8.

bradleygb · « **Reply #13 on:** August 27, 2025, 09:36:23 PM »

Do you have to upgrade your cwp php version?

Starburst · « **Reply #14 on:** August 27, 2025, 11:26:30 PM »

You shouldn't have to.

Control Web Panel

Author Topic: Roundcube vulnerability (Read 1057 times)

Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability