3
0
Fork 0
forked from mirrors/nixpkgs

roundcube: 1.4.10 -> 1.4.11

ChangeLog: https://github.com/roundcube/roundcubemail/releases/tag/1.4.11

Most notably is the fix of a XSS vulnerability which allowed an attacker
to inject malicious code via CSS's `content'-property from an email[1].

[1] 9dc276d5f2
This commit is contained in:
Maximilian Bosch 2021-02-08 21:39:45 +01:00
parent d9d1f5627e
commit 27d21f84b6
No known key found for this signature in database
GPG key ID: 091DBF4D1FC46B8E

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "roundcube";
version = "1.4.10";
version = "1.4.11";
src = fetchurl {
url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/roundcubemail-${version}-complete.tar.gz";
sha256 = "03sjvmnrspkiq0w73xvp1w61pcxhv0djrdm3mvs8h0dp9pfc1n53";
sha256 = "sha256-rHMZBwwwX8LIjHcjYFVi2GBwMHMr7ukxzbQJHPBeabc=";
};
patches = [ ./0001-Don-t-resolve-symlinks-when-trying-to-find-INSTALL_P.patch ];