[Pkg-roundcube-maintainers] New upstream release 1.1.5
bugs at sandroknauss.de
Wed Apr 27 23:32:52 UTC 2016
> Upstream released 1.1.5 a few days ago . It delivers “important bug
> fixes and helps protecting Roundcube against more XSS and CSRF attacks”.
1.1.5 is now uploaded - thanks for the work.
* do not create the tags before the upload is not made. I added also the
feature of verify the tarballs with the signed asc, like it is described at
* composer.json-dist we replace ~ with >= to make the dependecy be more
relaxed. So if there is a new dependency added by upstream we also need to
update this one. Inthere README they are also say >=
> I had a brief look at the PHP7 transition (#817922,#821646,#821647,
> #821648,#821649,#821650), and I agree with Sandro that we should wait
> until 1.2-rc is promoted stable. Then the version in stretch will
> diverge with the one in jessie-backports since the latter shall sick to
if you already have a working patch for php7, we can test this already in
unstable ( if 1.1.5-1 has entered testing).
> By the way, do you have any insight on #813843? I agree with Antoine
> that 0.9.5-1~bpo70+1 is riddled with known bugs and should be removed
> from the wheezy-backports. Could anyone do the upload?
Mmh yes 0.9.5 is vulnerable, we should remove it - but than the users have
0.7.2-9+deb7u2 for wheezy, that doesn't make the situation better.
What do you mean with "Could anyone do the upload?"
Ich habe meinen Schlüssel gewechselt / I've switched my GnuPG key:
Mein (neuer) öffentlicher Schlüssel / My (new) public key: E68031D299A6527C
Fingerabdruck / Fingerprint:
D256 4951 1272 8840 BB5E 99F2 E680 31D2 99A6 527C
Runterladen z.B. bei/ Get it e.g. here:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part.
More information about the Pkg-roundcube-maintainers