Merge #3649

3649: Upgrade snappymail to v2.38.2 (backport #3648) r=mergify[bot] a=mergify[bot] ## What type of PR? bug-fix ## What does this PR do? Upgrade snappymail to v2.38.2. This is a security fix for [GHSA-2rq7-79vp-ffxm](https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm) (mXSS) ### Related issue(s) ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. <hr>This is an automatic backport of pull request #3648 done by [Mergify](https://mergify.com). Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2025-08-10 22:31:47 +02:00 · 2024-11-17 14:47:40 +00:00
parent cfae470cbb 37964c8d93
commit af5cbc92f2
2 changed files with 2 additions and 1 deletions
--- a/towncrier/newsfragments/3648.bugfix
+++ b/towncrier/newsfragments/3648.bugfix
@@ -0,0 +1 @@
+Upgrade snappymail to v2.38.2 ; this is a security fix for GHSA-2rq7-79vp-ffxm (mXSS)
--- a/webmails/Dockerfile
+++ b/webmails/Dockerfile
@@ -54,7 +54,7 @@ COPY roundcube/config/config.inc.carddav.php /var/www/roundcube/plugins/carddav/

 # snappymail

-ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.36.4/snappymail-2.36.4.tar.gz
+ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.38.2/snappymail-2.38.2.tar.gz

 RUN set -euxo pipefail \
  ; mkdir  /var/www/snappymail \
				`@@ -0,0 +1 @@`
				`Upgrade snappymail to v2.38.2 ; this is a security fix for GHSA-2rq7-79vp-ffxm (mXSS)`