Roundcube Community Forum

News and Announcements => News & Announcements => Topic started by: SKaero on November 08, 2017, 06:10:43 PM

Title: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on November 08, 2017, 06:10:43 PM
We just published updates to all stable versions from 1.1.x onwards delivering fixes for a recently discovered file disclosure vulnerability in Roundcube Webmail.

Apparently this zero-day exploit is already being used by hackers to read Roundcube’s configuration files. It requires a valid username/password as the exploit only works with a valid session. More details will be published soon under CVE-2017-16651.

The Roundcube series 1.0.x is not affected by this vulnerability but we nevertheless back-ported the fix in order to protect from yet unknown exploits.

See the full changelog for the according version in the release notes on the Github download pages: v1.3.3 (https://github.com/roundcube/roundcubemail/releases/tag/1.3.3), v1.2.7 (https://github.com/roundcube/roundcubemail/releases/tag/1.2.7), v1.1.10 (https://github.com/roundcube/roundcubemail/releases/tag/1.1.10) v1.0.12 (https://github.com/roundcube/roundcubemail/releases/tag/1.0.12)

We strongly recommend to update all productive installations of Roundcube with either one of these versions.

Mitigation
In order to check whether your Roundcube installation has been compromised check the access logs for requests like ?_task=settings&_action=upload-display&_from=timezone. As mentioned above, the file disclosure only works for authenticated users and by finding such requests in the logs you should also be able to identify the account used for this unauthorized access. For mitigation we recommend to change the all credentials to external services like database or LDAP address books and preferably also the des_key option in your config.

Source: https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
Get it Now: https://roundcube.net/download
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on November 30, 2017, 03:24:46 AM
I installed 1.2.7 from GitHub, and It's not logging in and sending messages properly.  It goes very slow, and hardly ever logs in.  A server tech has no clue what's causing that.  Any ideas?  :--) 
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on November 30, 2017, 12:32:33 PM
Whats in your error log?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on November 30, 2017, 12:44:54 PM
[30-Nov-2017 07:30:23 +0000]: <v6vg3979> Session auth check failed for v6vg3979g16nu9i2h4tfkbvga4; timeslot = 2017-11-30 07:30:00
[30-Nov-2017 07:30:23 +0000]: <v6vg3979> Session authentication failed for v6vg3979g16nu9i2h4tfkbvga4; invalid auth cookie sent; timeslot = 2017-11-30 07:20:00
[30-Nov-2017 07:39:44 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 07:35:00
[30-Nov-2017 07:39:44 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512027000
[30-Nov-2017 07:40:46 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 07:40:00
[30-Nov-2017 07:40:46 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512027300
[30-Nov-2017 07:45:51 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 07:45:00
[30-Nov-2017 07:45:51 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512027600
[30-Nov-2017 07:50:16 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 07:50:00
[30-Nov-2017 07:50:16 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512027900
[30-Nov-2017 07:55:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 07:55:00
[30-Nov-2017 07:55:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512028200
[30-Nov-2017 08:00:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:00:00
[30-Nov-2017 08:00:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512028500
[30-Nov-2017 08:05:22 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:05:00
[30-Nov-2017 08:05:22 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512028800
[30-Nov-2017 08:10:00 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:10:00
[30-Nov-2017 08:10:00 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512029100
[30-Nov-2017 08:17:00 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:15:00
[30-Nov-2017 08:17:00 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512029400
[30-Nov-2017 08:20:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:20:00
[30-Nov-2017 08:20:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512029700
[30-Nov-2017 08:25:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:25:00
[30-Nov-2017 08:25:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512030000
[30-Nov-2017 08:30:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:30:00
[30-Nov-2017 08:30:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512030300
[30-Nov-2017 08:35:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:35:00
[30-Nov-2017 08:35:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512030600
[30-Nov-2017 08:40:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:40:00
[30-Nov-2017 08:40:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512030900
[30-Nov-2017 08:45:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:45:00
[30-Nov-2017 08:45:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512031200
[30-Nov-2017 08:50:20 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:50:00
[30-Nov-2017 08:50:20 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512031500
[30-Nov-2017 08:55:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 08:55:00
[30-Nov-2017 08:55:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512031800
[30-Nov-2017 09:00:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:00:00
[30-Nov-2017 09:00:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512032100
[30-Nov-2017 09:05:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:05:00
[30-Nov-2017 09:05:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512032400
[30-Nov-2017 09:10:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:10:00
[30-Nov-2017 09:10:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512032700
[30-Nov-2017 09:15:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:15:00
[30-Nov-2017 09:15:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512033000
[30-Nov-2017 09:20:19 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:20:00
[30-Nov-2017 09:20:19 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512033300
[30-Nov-2017 09:25:18 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 09:25:00
[30-Nov-2017 09:25:18 +0000]: <r7u9fnmo> Send new auth cookie for r7u9fnmoek1kmuus9qitj7lgp1: bIPIylwpkN07xlV8XAFQ426vjB-1512033600
[30-Nov-2017 15:43:14 +0000]: <r7u9fnmo> Session auth check failed for r7u9fnmoek1kmuus9qitj7lgp1; timeslot = 2017-11-30 15:40:00
[30-Nov-2017 15:43:14 +0000]: <r7u9fnmo> Session authentication failed for r7u9fnmoek1kmuus9qitj7lgp1; invalid auth cookie sent; timeslot = 2017-11-30 15:30:00
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 01, 2017, 12:39:29 PM
So are you able to login or is it hanging at the login page?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 01, 2017, 12:43:11 PM
It's usually hanging.  Sometimes it surprises me and logs in, but hardly ever.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 01, 2017, 07:49:21 PM
Enable imap_debug and post the log that is created when you try to login.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 01, 2017, 08:15:09 PM
Already was enabled.  Below is 5.  :--)

[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] C: A0001 ID ("name" "Roundcube" "version" "1.2.7" "php" "5.6.32" "os" "Linux" "command" "/?_task=login")
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: * ID ("name" "Dovecot")
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: A0001 OK ID completed.
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] C: A0002 AUTHENTICATE PLAIN ****** [57]
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 02, 2017, 01:20:13 PM
Whats the imap log when you can load the mailbox?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 02, 2017, 01:59:35 PM
I coppied & pasted 5 logs from ths IMAP log file.  Where do I find what you are asking for?  I might be limited online for the time being.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 03, 2017, 01:15:56 PM
I want to see the requests where Roundcube is requesting the inbox to see if the mail server is taking a long time to respond or if its not we can narrow down the problem to something else.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 03, 2017, 02:28:02 PM
I appologize, I'm not sure where to find that info.  Is it in the whole IMAP error log file?  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 03, 2017, 06:05:32 PM
It should be added into the imap log file when Roundcube displays the inbox.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 03, 2017, 07:59:35 PM
Here's a bunch of IMAP logs.  It should hsve what your looking for.  :--)

[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] C: A0001 ID ("name" "Roundcube" "version" "1.2.7" "php" "5.6.32" "os" "Linux" "command" "/?_task=login")
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: * ID ("name" "Dovecot")
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] S: A0001 OK ID completed.
[30-Nov-2017 07:05:54 +0000]: <oboq6gva> [5ED6] C: A0002 AUTHENTICATE PLAIN ****** [57]
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] S: * ID ("name" "Dovecot")
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] S: A0001 OK ID completed.
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] C: A0002 AUTHENTICATE PLAIN ****** [57]
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY COMPRESS=DEFLATE QUOTA] Logged in
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] C: A0003 NAMESPACE
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] S: * NAMESPACE (("INBOX." ".")) NIL NIL
[02-Dec-2017 05:20:10 +0000]: <0k7gaqu7> [B0D8] S: A0003 OK Namespace completed (0.001 + 0.000 secs).
[02-Dec-2017 05:20:10 +0000]: <uta090ci> [B0D8] C: A0004 LOGOUT
[02-Dec-2017 05:20:10 +0000]: <uta090ci> [B0D8] S: * BYE Logging out
[02-Dec-2017 05:20:10 +0000]: <uta090ci> [B0D8] S: A0004 OK Logout completed (0.001 + 0.000 secs).
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] C: A0001 ID ("name" "Roundcube" "version" "1.2.7" "php" "5.6.32" "os" "Linux" "command" "/mail-rec/?_task=mail&_token=Ss8JUHyxrd3Ed66PgfypQgSSwKXRrHbF")
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * ID ("name" "Dovecot")
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: A0001 OK ID completed.
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] C: A0002 AUTHENTICATE PLAIN ****** [57]
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY COMPRESS=DEFLATE QUOTA] Logged in
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] C: A0003 LIST (SUBSCRIBED) "" "*"
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * LIST (\Subscribed) "." INBOX.Junk
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * LIST (\Subscribed) "." INBOX.spam
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * LIST (\Subscribed) "." INBOX.Drafts
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * LIST (\Subscribed) "." INBOX.Trash
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * LIST (\Subscribed) "." INBOX.Sent
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: A0003 OK List completed (0.003 + 0.000 + 0.002 secs).
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] C: A0004 GETQUOTAROOT INBOX
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * QUOTAROOT INBOX Mailbox "cPanel Account"
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * QUOTA Mailbox (STORAGE 21310 102400)
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * QUOTA "cPanel Account" (STORAGE 700312 307200000)
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: A0004 OK Getquotaroot completed (0.001 + 0.000 secs).
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] C: A0005 LOGOUT
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: * BYE Logging out
[02-Dec-2017 05:20:11 +0000]: <uta090ci> [2142] S: A0005 OK Logout completed (0.001 + 0.000 secs).
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] C: A0001 ID ("name" "Roundcube" "version" "1.2.7" "php" "5.6.32" "os" "Linux" "command" "/mail-rec/?_task=login")
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: * ID ("name" "Dovecot")
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: A0001 OK ID completed.
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] C: A0002 AUTHENTICATE PLAIN ****** [57]
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY COMPRESS=DEFLATE QUOTA] Logged in
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] C: A0003 NAMESPACE
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: * NAMESPACE (("INBOX." ".")) NIL NIL
[02-Dec-2017 05:55:00 +0000]: <nstov2hn> [78E9] S: A0003 OK Namespace completed (0.001 + 0.000 secs).
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [78E9] C: A0004 LOGOUT
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [78E9] S: * BYE Logging out
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [78E9] S: A0004 OK Logout completed (0.001 + 0.000 secs).
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] C: A0001 ID ("name" "Roundcube" "version" "1.2.7" "php" "5.6.32" "os" "Linux" "command" "/mail-rec/?_task=mail&_token=2byPw1fo5Pv1K5Jfjeft35qFFGU5i2sn")
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * ID ("name" "Dovecot")
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: A0001 OK ID completed.
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] C: A0002 AUTHENTICATE PLAIN ****** [57]
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY COMPRESS=DEFLATE QUOTA] Logged in
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] C: A0003 LIST (SUBSCRIBED) "" "*"
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * LIST (\Subscribed) "." INBOX.Junk
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * LIST (\Subscribed) "." INBOX.spam
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * LIST (\Subscribed) "." INBOX.Drafts
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * LIST (\Subscribed) "." INBOX.Trash
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * LIST (\Subscribed) "." INBOX.Sent
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: A0003 OK List completed (0.001 + 0.000 secs).
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] C: A0004 GETQUOTAROOT INBOX
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * QUOTAROOT INBOX Mailbox "cPanel Account"
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * QUOTA Mailbox (STORAGE 21310 102400)
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * QUOTA "cPanel Account" (STORAGE 700312 307200000)
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: A0004 OK Getquotaroot completed (0.001 + 0.000 secs).
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] C: A0005 LOGOUT
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: * BYE Logging out
[02-Dec-2017 05:55:00 +0000]: <elqtg909> [B2A4] S: A0005 OK Logout completed (0.001 + 0.000 secs).
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 04, 2017, 01:39:48 AM
So I don't see any problems there so I don't think the mail server is at fault. Are there any errors in the browser JS console?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 04, 2017, 02:28:57 PM
Error: Syntax error, unrecognized expression: #[object Object]  - Then accross the screen it shows jquery.min.js:34:12481  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 04, 2017, 10:04:08 PM
How did you install the update?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 04, 2017, 10:13:39 PM
I downloaded fresh from GitHub, and uploaded via cPanel.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 05, 2017, 12:08:44 AM
Did you download the release file and if so which file?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 05, 2017, 12:52:15 AM
1.2.7 from GitHub.  cPanel installs are fine, but I need the melanie2 mobile skin.  That skin isn't compatible with the current Roundcube.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 05, 2017, 02:50:06 AM
There are multiple ways of downloading 1.2.7 from Github, did you download using git, or download the roundcubemail-1.3.3.tar.gz or roundcubemail-1.3.3-complete.tar.gz version?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 05, 2017, 08:30:26 AM
As I stated, I need 1.2.7 so I can use the melanie2 skin.  A number of people said that melanie2 isn't compatible with version 1.3 or higher.  I found that out also.   I need mobild friendly since It's almost 2018.  At GitHub, I selected 1.2.7 full.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 05, 2017, 10:07:08 AM
So you installed  roundcubemail-1.2.7.tar.gz or roundcubemail-1.2.7-complete.tar.gz?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 05, 2017, 11:27:52 AM
I think complete.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 05, 2017, 12:21:46 PM
There is a difference, I'd recommend reinstalling with the complete version to see if that corrects the js problem.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 05, 2017, 06:16:43 PM
I have roundcubemail-1.2.7-complete.tar.gz on my computer.  So it looks like I installed the proper one.  I installed that more than once already.  Why was the melanie2 skin only for the 1.2 versions of roundcube?  It would be a lot easier to use roundcube 1.3.3 or 1.3.4.  If melanie2 didn't bail out so quick, I would be up to date, and up and running last week.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 05, 2017, 07:09:57 PM
The issue was the jquery_mobile plugin.  In the read me file for that plugin, it says don't add to config.  I removed that from config, and now the issue is fixed!  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 06, 2017, 02:22:12 PM
1.2.7 should run fine until 1.4 is released, correct?  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: SKaero on December 06, 2017, 05:26:36 PM
Yes, 1.2.x is still a supported branch so it would receive any security updates that are needed.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 10, 2017, 03:26:14 PM
what config code do I use to auto have sound notifications for all new accounts?  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: JohnDoh on December 12, 2017, 10:41:44 AM
have you tried the newmail_notifier plugin that ships with Roundcube?
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 12, 2017, 07:21:17 PM
I have the plugin called from config.  But new accounts don't seem to have the sound option turned on by default.  :--)
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: alec on December 13, 2017, 02:04:44 AM
Copy plugins/newmail_notifier/config.inc.php.dist to plugins/newmail_notifier/config.inc.php, and then edit the new file.
Title: Re: Security updates 1.3.3, 1.2.7 and 1.1.10 released
Post by: ElasticUser on December 13, 2017, 05:43:56 PM
I added the below code to config.inc.php.  :--)

// Enables sound notification
$config['newmail_notifier_sound'] = true;