We just published the fourth release candidate for the next major version 1.7 of Roundcube webmail.

This release fixes two minor issues, it's mostly published to fix a file permission problem in the previous release v1.7-rc3.

The changes are:

• Ensure correct file permissions when building a release.
• Installer: Fix broken link to download the created configuration file (#10092)

The tarballs can be downloaded from roundcube.net/download.

Or directly from the release page at github.com.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2026/02/13/roundcube-1.7-rc4-released
Get it Now: https://roundcube.net/download

Hi JohnDoh!

Quote from: JohnDoh on February 12, 2026, 09:00:13 AMsymfony/polyfill-php85

You were right, thanks for the hint! I had symfony/polyfill-php80 installed which might have worked until beta2 of Roundcube. The ReadMe of polyfill-php85 states the new functions array_first and array_last (amon others). I've upgraded it to symfony/polyfill-php85 and now it runs again.

I've seen many some to domains with Roundcube and others without, I do think they pickup domains that are on cPanel more often though since Roundcube is the default webmail for cPanel.

It was sent to info at my domain running RoundCube, which makes me think they might be scanning for instances.

Subject: Account Notice: Terms Update Required to Avoid Service Interruption
Date: Thu, 5 Feb 2026 20:31:12 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0B49_01DC96DE.5E1B0F10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331

This is a multi-part message in MIME format.

------=_NextPart_000_0B49_01DC96DE.5E1B0F10
Content-Type: text/plain;
    charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

Important Notice About Your Account
Dear user,
If you do not accept the updated terms and conditions before February, 7, access to your Roundcube mailbox and related email services may be automatically suspended. After that date you may no longer be able to:
Send or receive emails Access contacts, calendar, or stored files
Use connected email apps (mobile clients, IMAP/POP3, etc.)
The acceptance process usually takes less than a minute.
Review and Accept Terms This message was sent by the Roundcube administration team. To stop receiving policy notifications, update your email preferences.

It contains a link to rdnundcube.com.

1.7 supports PHP >=8.1 <=8.5. What method did you use to perform your upgrade? It sounds like you are missing the symfony/polyfill-php85 library. However that has been needed since the first release candidate so it's odd that you are only having problems now.

I've just destroyed my dev instance of Roundcube 1.7 RC 2 by installing the security update 1.7 RC 3 as it is using functions like array_last(array $array) which are only available in PHP 8.5 and higher. Please include this into the Changelog as to me this seems to be undocumented.

We just published the third release candidate for the next major version 1.7 of Roundcube webmail.

This release fixes two security issues, and contains a few more fixes for several issues.

The security fixes are:

• Fix CSS injection vulnerability reported by CERT Polska.
• Fix remote image blocking bypass via SVG content reported by nullcathedral.

For the full changelog please see the release page.

The tarballs can be downloaded via roundcube.net.

Or directly from the release page at github.com.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2026/02/09/roundcube-1.7-rc3-released
Get it Now: https://roundcube.net/download

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities.

Security fixes

• Fix CSS injection vulnerability reported by CERT Polska.
• Fix remote image blocking bypass via SVG content reported by nullcathedral.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.13 and 1.5.13.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Source: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
Get it Now: https://roundcube.net/download

I would consider Roundcube stable and easy to configure. It can get complex if your looking to add things like calendars, contact syncing, LDAP, Filters, etc. since all of those things are very environment specific.

I've run Roundcube on very small servers with any issues, as long as you run PHP it doesn't take up many resources.

Hi team,
I'm working on a personal mail server project and I'm hesitating to go with Roundcube for webmail. It seems to be the gold standard, but I'm afraid of getting bogged down in a nightmare installation. Honestly, guys, how stable is it? I'm looking for something solid that runs without me having to spend all night on it. I've seen links to support forums for netlinking and visibility, but I'm really interested in the pure technical side of things. Does anyone run this on a small configuration? Is it smooth, or does it slow down when there's a bit of traffic? I don't want to set up a complicated system just to read three messages.