[Pkg-roundcube-maintainers] New upstream release 1.1.5
Guilhem Moulin
guilhem at guilhem.org
Tue Apr 26 01:58:47 UTC 2016
Hi there,
Upstream released 1.1.5 a few days ago [0]. It delivers “important bug
fixes and helps protecting Roundcube against more XSS and CSRF attacks”.
Turns out updating the package from 1.1.4 was glitchless (and upstream
didn't include a .sql file), so I just pushed a new release to git.
Could anyone check it out and upload?
I've also prepared a backports. Due to the CVE I think it should be
uploaded quite soon, but maybe we can wait 5 days until 1.1.5 lands in
testing. (By the way I had to lower the minimum version of some PEAR
packages in composer.json to reflect the versions existing in stable.)
I had a brief look at the PHP7 transition (#817922,#821646,#821647,
#821648,#821649,#821650), and I agree with Sandro that we should wait
until 1.2-rc is promoted stable. Then the version in stretch will
diverge with the one in jessie-backports since the latter shall sick to
1.1.x.
By the way, do you have any insight on #813843? I agree with Antoine
that 0.9.5-1~bpo70+1 is riddled with known bugs and should be removed
from the wheezy-backports. Could anyone do the upload?
--
Guilhem.
[0] http://lists.roundcube.net/pipermail/dev/2016-April/023817.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20160426/00b47a69/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list