Roundcube vulnerability

Happy New Year :)

http://www.directadmin.com/forum/showthread.php?p=146742#post146742

My server appears to have been hit by this…

Howdy,

Can you pop that into the Bug Tracker? I suspect Jamie may want to know so he can expedite an updated copy of that.

Thanks!
-Eric

I’ve added this to the bug tracker, but it’s screwed up the formatting as I posted a link…

Cheers,

Paul

For those updating to version 0.2 - save yourself some time and make sure that you have PHP 5.2 installed, as this is now the minimum PHP version to use it.

Cheers,

Paul

Is there an updated install (upgrade) script coming?

Yup!

There are some details here:

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&func=view&catid=5&id=19401

But, the new RoundCube will be available in the next Virtualmin version.

To upgrade sooner, you can go into the "Upgrade to Un-Supported version" section of the Install Scripts, and enter "0.2-stable" for the RoundCube version to use.
-Eric

The script fails because the SQL init/upgrade files have been renamed.

Is it enough to just restrict access to Roundcube with .htaccess?

Jamie has provided an amended script available here:

http://www.virtualmin.com/index.php?option=com_flyspray&Itemid=99999999&show_task=4969