This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Roundcube vulnerability

8 posts / 0 new

Topic locked

Last post

#1 Thu, 01/01/2009 - 05:56

pixel_paul

Roundcube vulnerability

Happy New Year :)

http://www.directadmin.com/forum/showthread.php?p=146742#post146742

My server appears to have been hit by this.....

#2 Thu, 01/01/2009 - 12:16

andreychek

Howdy,

Can you pop that into the Bug Tracker? I suspect Jamie may want to know so he can expedite an updated copy of that.

Thanks!
-Eric

#3 Fri, 01/09/2009 - 09:54 (Reply to #2)

Transmobius

The script fails because the SQL init/upgrade files have been renamed.

Is it enough to just restrict access to Roundcube with .htaccess?

#4 Thu, 01/01/2009 - 13:10

pixel_paul

I've added this to the bug tracker, but its screwed up the formatting as I posted a link....

Cheers,

Paul

#5 Thu, 01/01/2009 - 13:24

pixel_paul

For those updating to version 0.2 - save yourself sometime and make sure that you have PHP 5.2 installed, as this is now the minimum PHP version to use it.

Cheers,

Paul

#6 Fri, 01/09/2009 - 08:27

Transmobius

Is there an updated install (upgrade) script coming?

#7 Fri, 01/09/2009 - 08:32 (Reply to #6)

andreychek

Yup!

There's some details here:

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&a...

But, the new RoundCube will be available in the next Virtualmin version.

To upgrade sooner, you can go into the "Upgrade to Un-Supported version" section of the Install Scripts, and enter "0.2-stable" for the RoundCube version to use.
-Eric

#8 Thu, 01/15/2009 - 00:49

pixel_paul

Jamie has provided an amended script available here:

[url]http://www.virtualmin.com/index.php?option=com_flyspray&Itemid=99999...

Topic locked