Roundcube Webmail 1.2.3

This is the third service release to update the stable version 1.2. It contains some important bug fixes and improvements which we picked from the upstream branch. A detailed list of changes is shown below. Included is a fix for a recently reported security issue when using PHP's mail() function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be published shortly.

It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating!

CHANGELOG

• Fix vulnerability in handling of mail()'s 5th argument
• Searching in both contacts and groups when LDAP addressbook with group_filters option is used
• Fix To: header encoding in mail sent with mail() method (#5475)
• Fix flickering of header top-line in min-mode (#5426)
• Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
• Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
• Fix regression where creation of default folders wasn't functioning without prefix (#5460)
• Enigma: Fix bug where last records on keys list were hidden (#5461)
• Enigma: Fix key search with keyword containing non-ascii characters (#5459)
• Fix bug where deleting folders with subfolders could fail in some cases (#5466)
• Fix bug where IMAP password could be exposed via error message (#5472)
• Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc,
  Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
• Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
• Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
• Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
• Fix displaying attached images with wrong Content-Type specified (#5527)