This update of roundcubemail fixes one security issue and one bug.
- roundcubemail was updated to disallow unwanted access on files in the file system.
The apache2 configuration file for roundcubemail previously allowed access to the
roundcubemail/bin folder and possibly /logs, /config and /temp, if these
were not symlinks (this is only the case when manually changed).
This update comes with a fixed configuration. If you modified the
file "/etc/apache2/conf.d/roundcubemail.conf", please replace it
with the configuration "roundcubemail.conf.rpmnew" and reapply your
changes. After that, a restart of apache2 is requried.
- This update also fixes an issue that causes apache2 not to start because
"mod_version.c" is not loaded.
- Submitted by Aeneas Jaißle (aeneas_jaissle)