[Pkg-roundcube-maintainers] New upstream release 1.1.5

Sandro Knauß bugs at sandroknauss.de
Wed Apr 27 23:32:52 UTC 2016


> Upstream released 1.1.5 a few days ago [0].  It delivers “important bug
> fixes and helps protecting Roundcube against more XSS and CSRF attacks”.

1.1.5 is now uploaded - thanks for the work. 

Some points:
* do not create the tags before the upload is not made. I added also the 
feature of verify the tarballs with the signed asc, like it is described at 
* composer.json-dist  we replace ~ with >= to make the dependecy be more 
relaxed. So if there is a new dependency added by upstream we also need to 
update this one. Inthere README they are also say >= 

> I had a brief look at the PHP7 transition (#817922,#821646,#821647,
> #821648,#821649,#821650), and I agree with Sandro that we should wait
> until 1.2-rc is promoted stable.  Then the version in stretch will
> diverge with the one in jessie-backports since the latter shall sick to
> 1.1.x.

if you already have a working patch for php7, we can test this already in 
unstable ( if 1.1.5-1 has entered testing).

> By the way, do you have any insight on #813843?  I agree with Antoine
> that 0.9.5-1~bpo70+1 is riddled with known bugs and should be removed
> from the wheezy-backports.  Could anyone do the upload?

Mmh yes 0.9.5 is vulnerable, we should remove it - but than the users have 
0.7.2-9+deb7u2 for wheezy, that doesn't make the situation better.

What do you mean with "Could anyone do the upload?"



Ich habe meinen Schlüssel gewechselt / I've switched my GnuPG key:

Mein (neuer) öffentlicher Schlüssel / My (new) public key: E68031D299A6527C 
Fingerabdruck / Fingerprint:
D256 4951 1272 8840 BB5E  99F2 E680 31D2 99A6 527C 
Runterladen z.B. bei/ Get it e.g. here:
pool.sks-keyservers.net, ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20160428/d719c760/attachment.sig>

More information about the Pkg-roundcube-maintainers mailing list