Created attachment 245685 [details] git diff for mail/roundcube to 1.6.4 https://roundcube.net/news/2023/10/16/security-update-1.6.4-released Patch tested on FreeBSD 12.4 with PHP 8.1 (incl. contextmenu, carddav and managesieve).
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f45b7f2ad708d085a77bbad543650c75aff42376 commit f45b7f2ad708d085a77bbad543650c75aff42376 Author: Alex Dupre <ale@FreeBSD.org> AuthorDate: 2023-10-17 13:19:58 +0000 Commit: Alex Dupre <ale@FreeBSD.org> CommitDate: 2023-10-17 13:21:43 +0000 mail/roundcube: update to 1.6.4 release Enable support for PHP 8.2. PR: 274520 Submitted by: Fabian Wenk <fabian@wenks.ch> mail/roundcube/Makefile | 4 ++-- mail/roundcube/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
Quarterly is affected by the same CVE (CVE-2023-5631). Recommend patching or updating the quarterly package as well. Release 1.6.4 does have more changes than only resolving the security issue [1]. [1] https://github.com/roundcube/roundcubemail/releases/tag/1.6.4