---
- branch: MAIN
  date: Sun Oct 28 15:23:34 UTC 2018
  files:
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/mail/roundcube/Makefile.common
    pathrev: pkgsrc/mail/roundcube/Makefile.common@1.12
    type: modified
  - new: '1.63'
    old: '1.62'
    path: pkgsrc/mail/roundcube/distinfo
    pathrev: pkgsrc/mail/roundcube/distinfo@1.63
    type: modified
  id: 20181028T152334Z.0274d9dd4ce74fd8acccf24b5e234373bee4e4d0
  log: |
    mail/roundcube: update to 1.3.8

    This update includes XSS security problem.

    RELEASE 1.3.8
    -------------

    - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
    - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
    - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
    - Fix so Classic skin splitter does not escape out of window (#6397)
    - Fix XSS issue in handling invalid style tag content (#6410)
    - Fix compatibility with MySQL 8 - error on 'system' table use
    - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
    - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
    - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
    - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
    - Fix multiple VCard field search (#6466)
    - Fix session issue on long running requests (#6470)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail/roundcube'
  unixtime: '1540740214'
  user: taca