Because of a resonable security issue there seems to be the need for updating, right? Security update 1.6.4 released (roundcube.net) Is there a howto for update roundcube on CentOS 7 and ispconfig? Or has somebody done this sucessfully?
I don't think so. Was Roundcube installed from source on your system, or did you install it via a rpm package?
it was installed as guided in Perfect Server Centos 7 (from source). The Perfect Server – CentOS 7.6 with Apache, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.1 (howtoforge.com) Is there as possibility to change this to rpm because of updates?
Not sure if you would get recent RoundCube versions as RPM. In regards to roundCube update, its described here: https://github.com/roundcube/roundcubemail/blob/master/UPGRADING Make a backup of the /usr/share/roundcubemail folder and roundcube database, just to be sure, and then I would give the update script a try, the installation folder is: /usr/share/roundcubemail
as there are serious zero-day problem in older installations, is there a chance that a HowTo is created? (for Centos 7.6 Perfect Server's)? Winter Vivern nutzt Zero-Day-Schwachstelle in Roundcube Webmail-Servern aus (welivesecurity.com) Can I just run the upgrade script /./bin/instalto.sh" and all is fine? Becaue reading the "upgrading instructions" here are my questions (be-)for upgrading: - (default in my case) installation directory for roundcubemail is "/usr/share/roundcubemail" right? WARNING section: - MariaDB < 10.2.2 - howto (where) configure "innodb_large_prefix=1, ..." (have MariaDB v5.5.68-1) Post-Upgrade Activities: - 2. is the "build-in addressbook" installed? HowTo check? - 4. which "temp_dir" is meant?
Remi Collet provides through his EL7 Repository at https://rpms.remirepo.net/ Roundcube Webmail via RPM. However, CentOS 7 will reach end of life on June 30, 2024 and all the familiar 3rd party repositories like EPEL or Remi will drop their support by this date for Enterprise Linux 7. You should start thinking about to migrate your server to a more recent Enterprise Linux offspring like AlmaLinux or Rocky Linux 9.
is it possible to install this rpm just over existing installation or will this break my ispconfig and/or roundcube installation/configuration?
It's unlikely that it will break your ISPConfig but more likely that it could break your existing Roundcube. Just make a backup of your Roundcube folders and /etc if you don't revision it via etckeeper so that you can return to a previous commit. The rpm packages provided by Remi will also only install in /var/lib/roundcube and it will create the FPM and webserver configs for you, so you may have to make further adjustments yourself. Regarding: You have to put this value in your /etc/my.cnf under [mysqld]. After that restart the SQL server.
Why don't you do what I suggested in #4? Make a backup copy of the roundcube directory and its database and run the upgrade script. If something does not work, then you can always restore the backup you've made. And regarding post upgrade, if you notice that the addressbook doe snot work after upgrade, then you know that you might want to run that upgrade script and regarding temp dir, its location is likely to be found in roundcube config file.
no luck: ./bin/installto.sh /usr/share/roundcubemail Unsupported PHP version. Required PHP >= 7.3.[root@c7 roundcubemail-1.6.4]# do I get problems with ispconfig upgrading to PHP 7.4, and howto? (do I need upgrade all packages "php php-mysql php-mbstring phpmyadmin")
error: Unsupported PHP version. Required PHP >= 7.3.[root@c7 roundcubemail-1.6.4] tried to upgrade php to v7.4 (yum install php74) and seems to work, but above error presists when starting roundcube upgrade script.
I don't have much experience with CentOS that much to help but I agree that default php in Centos 7.6 may be updated, at least to php7.4 thus you should search for any of its howto. This is one that I found with note that you should also update all other default php packages that you installed as well: https://www.ezeelogin.com/kb/article/how-to-upgrade-php-to-7-4-on-centos-7-393.html. Do take care to update what is necessary for ISPConfig as well. Anyway, it is nice to note that RC have its own upgrade script which may be useful for custom install though I don't think it would work well with yum install or apt install or Debian / Ubuntu. May be in the future, we should consider custom install if it is not to troublesome to add it in ISPConfig Auto Installer as it may be easier to update.
This command only installs php74 additionally to your default/base PHP version. You need to enable the PHP 7.4 repository to actually overwrite your OS PHP version by executing: Code: yum-config-manager --enable remi-php74 yum update php\* You should also update your CentOS to the latest version, which is 7.9.2009 and also your ISPConfig, if you haven't yet. CentOS 7.6 is really reallly old and shouldn't be used outside of local networks anymore and if your ISPConfig should date back to the release date of CentOS 7.6 as well, then it won't run with a more recent PHP version like PHP 7.4, once it is installed. edit I see ahrasis also posted a link to the commands to update the PHP version.
The current RoundCube issue is not an issue in the way that it#s risky to have it installed on your server. The risk is in using it for the user, not the server. So if you use RoundCube just for yourself, then not using it is enough. If you have customers that use it, then you can disable it by removing the following config file /etc/httpd/conf.d/roundcubemail.conf and then restart the web server (httpd).
upgrade seems to work - but sending mails from roundcube now fails with error: "SMTP error (); the connection faild." sending mails from roundcube prior upgrade worked and sending mails direct with postfix works after upgrade.
Have a look into the RoundCube config file to check which smtp server and port it tries to use. If it uses port 587, try changing it to port 25.