[Pkg-roundcube-maintainers] New upstream release 1.1.5

Guilhem Moulin guilhem at guilhem.org
Tue Apr 26 01:58:47 UTC 2016


Hi there,

Upstream released 1.1.5 a few days ago [0].  It delivers “important bug
fixes and helps protecting Roundcube against more XSS and CSRF attacks”.

Turns out updating the package from 1.1.4 was glitchless (and upstream
didn't include a .sql file), so I just pushed a new release to git.
Could anyone check it out and upload?

I've also prepared a backports.  Due to the CVE I think it should be
uploaded quite soon, but maybe we can wait 5 days until 1.1.5 lands in
testing.  (By the way I had to lower the minimum version of some PEAR
packages in composer.json to reflect the versions existing in stable.)


I had a brief look at the PHP7 transition (#817922,#821646,#821647,
#821648,#821649,#821650), and I agree with Sandro that we should wait
until 1.2-rc is promoted stable.  Then the version in stretch will
diverge with the one in jessie-backports since the latter shall sick to
1.1.x.

By the way, do you have any insight on #813843?  I agree with Antoine
that 0.9.5-1~bpo70+1 is riddled with known bugs and should be removed
from the wheezy-backports.  Could anyone do the upload?

-- 
Guilhem.

[0] http://lists.roundcube.net/pipermail/dev/2016-April/023817.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20160426/00b47a69/attachment.sig>


More information about the Pkg-roundcube-maintainers mailing list