From 2df7d8683108416e868a6e2ba6796a761b08f6b3 Mon Sep 17 00:00:00 2001
From: ctrl-i <1422608+ctrl-i@users.noreply.github.com>
Date: Sun, 1 Jun 2025 09:33:08 +0100
Subject: [PATCH 1/2] Update Dockerfile to contain latest roundcube version

Due to security update
---
 webmails/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webmails/Dockerfile b/webmails/Dockerfile
index 0408c3af..fb3df84b 100644
--- a/webmails/Dockerfile
+++ b/webmails/Dockerfile
@@ -28,7 +28,7 @@ RUN set -euxo pipefail \
   ; mkdir -p /run/nginx /conf
 
 # roundcube
-ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.6.10/roundcubemail-1.6.10-complete.tar.gz
+ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.6.11/roundcubemail-1.6.11-complete.tar.gz
 ENV CARDDAV_URL https://github.com/mstilkerich/rcmcarddav/releases/download/v5.1.0/carddav-v5.1.0.tar.gz
 
 RUN set -euxo pipefail \

From e21f2f388db79992a8b21a73bb30b669c0635222 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 10 Jun 2025 17:26:49 +0200
Subject: [PATCH 2/2] towncrier

---
 towncrier/newsfragments/3851.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/3851.misc

diff --git a/towncrier/newsfragments/3851.misc b/towncrier/newsfragments/3851.misc
new file mode 100644
index 00000000..61f3eb9a
--- /dev/null
+++ b/towncrier/newsfragments/3851.misc
@@ -0,0 +1 @@
+Upgrade roundcube to 1.6.11. For the record, Mailu is not vulnerable to CVE-2025-49113, thanks to Snuffleupagus (see https://snuffleupagus.readthedocs.io/config.html#unserialize-noclass)