1

Topic: Roundcube security issue.

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====Hey guys,

I know iRedMail moved to SOGo for webmail frontend, but in case there are still people with roundcube, here is a very interesting article about roundcube newly discovered vulnerability.
https://blog.ripstech.com/2016/roundcub … via-email/



==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Roundcube security issue.

We posted in mailing list on Dec 7:
https://groups.google.com/forum/#!topic … OAMfkDnI3o

I apologize for not posting in forum (i forgot sad )

ivuzunov wrote:

I know iRedMail moved to SOGo for webmail frontend

This is not right. iRedMail ships both Roundcube and SOGo, not "move to SOGo".