We just published the second release candidate for the next major version 1.7 of Roundcube webmail.

This release fixes two security issues and one syntax error in a database migration file for Postgres databases.

The changes are:

• Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
• Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
• Fix syntax error in DDL scripts for Postgres (#10052)

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2025/12/15/roundcube-1.7-rc2-released
Get it Now: https://roundcube.net/download

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities.

Security fixes

• Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
• Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.12 and 1.5.12.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Source: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
Get it Now: https://roundcube.net/download

Quote from: Kaleb47 on December 05, 2025, 02:50:07 PMReally excited for the Abu Dhabi GP with Lando, Max and Oscar still in contention to win the world drivers' championship.

Max pushed Lando till the end but he came just short as McLaren finished the season on a high by winning both the Championships.

The development team is pleased to announce the release candidate for the next major version 1.7 of Roundcube webmail!

With this milestone we introduce a few breaking changes (see below) and some further improvements in comparison to 1.7-beta2.

Some noteworthy changes are:

    Add scope parameter to contact search (#9863)
    Add ability to chose from all available contact fields on CSV import (#9419)
    Add a new plugin called markdown_editor that provides an alternative editor to compose emails using Markdown syntax.
    Add rel='noopener' to all links opening in a new window to mitigate against misuse in older browsers.

Breaking Changes

    Remove contact_search_name option in favor of contactlist_name_template (#9832)
    Replace session attribute changed by expires_at (to allow for variable session lengths per-user in a future change).
    Password: Removed the (insecure) virtualmin driver (#8007)

For full details and download links please read the release notes.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2025/12/10/roundcube-1.7-rc-released
Get it Now: https://roundcube.net/download

Good day Guys

Im working on migrating data from a PostgreSQL Roundcube database into MariaDB, and I've run into an issue with the collected_addresses table that I'd like some clarification on.

In PostgreSQL, the email column is defined as varchar(255) with default collation, which performs strict byte-wise comparisons. Because of this, PostgreSQL correctly treats accented characters as distinct. For example:

kardiológia@removed.

kardiologia@removed.

These coexist without conflict.

However, after importing into MariaDB, I receive a "Duplicate entry" error when inserting an address like kardiologia@..., because MariaDB's default collations (utf8mb4_unicode_ci, utf8mb4_general_ci, etc.) are accent-insensitive and fold characters like ó into o. This means MariaDB considers the two addresses equivalent at the index level.

To resolve this, I am considering changing the email column and the related UNIQUE index to use COLLATE utf8mb4_bin

This would ensure that email addresses are compared strictly based on their binary/Unicode code points and would match PostgreSQL's behavior.

Before I make this change, I want to check with the Roundcube team and community:

1) Is using utf8mb4_bin on collected_addresses.email safe and compatible with Roundcube's expected behavior?
2) Are there any pitfalls, side effects, or Roundcube features that may break when using binary collation on this column?

Any guidance, recommendations, or experiences would be greatly appreciated.
Thank you in advance.

Yes, 1.4.15 runs great for me!  To keep my woo hoo custom animated emojis, I Don't want to upgrade for as long as possible!   😎

Really excited for the Abu Dhabi GP with Lando, Max and Oscar still in contention to win the world drivers' championship.

Thank you John, will do!

Roundcube is not a service but free software which somebody installed for you. Please contact your internet hosting provider or IT responsible instead. If you don't know who this might be, please review your bills and find out who you're paying for email services.

I'm not receiving emails and received a server error. I'm accessing my email account by logging into the Webmail business site on Chrome.  I'm not having any internet issues or any issues receiving email to my personal gmail account. Any guidance on next steps? Thanks!