Roundcube

Roundcube
Original author Thomas Bruederli
Developer The Roundcube Team [1]
Initial release March 4, 2008; 18 years ago (2008-03-04)
Stable release 1.6.13 [2] / 8 February 2026
Written in PHP
Operating system Cross-platform
Type Webmail
License GPL-3.0-or-later with exceptions for skins and plugins [3]
Website roundcube.net
Repository github.com/roundcube/roundcubemail

Roundcube is a web-based IMAP email client written in PHP. It uses Ajax throughout its interface and is licensed under the GNU GPL version 3 or later, with exceptions for skins and plugins. [3]

History

After roughly two years of development, the first stable release of Roundcube was announced on March 4, 2008. [4] cPanel adopted Roundcube as its bundled webmail client, replacing SquirrelMail.

On May 3, 2015, Roundcube announced, in partnership with Kolab Systems AG, a plan to completely rewrite the application as Roundcube Next. A crowdfunding campaign was set up to finance the project. The $80,000 goal was reached on June 24, 2015, [5] and the final amount raised was US$103,541. [6] Roundcube Next was intended to add calendar, chat, and file management features using WebRTC, with connectors for services such as Dropbox and ownCloud. Kolab Systems and Roundcube halted development in 2016, and backers received no updates or refunds. [7] A Roundcube developer later stated that the project had no ownership over the Roundcube Next campaign. [8]

In November 2023, Nextcloud announced a partnership with Roundcube. [9] [10]

Architecture

Roundcube runs on standard web servers such as Apache, LiteSpeed, Nginx, and Lighttpd, and can be deployed on any operating system that supports PHP. It works with a LAMP stack or comparable environment. The web server requires access to an IMAP server for reading mail and an SMTP server for sending. Supported databases are MySQL, PostgreSQL, and SQLite.

The user interface is rendered in XHTML and CSS and is fully customizable through skins. Roundcube ships with jQuery and additional libraries including GoogieSpell and TinyMCE.

Features

Roundcube supports over 70 interface languages and connects to any IMAPv4 server with encrypted TLS connections. The interface uses Ajax to enable drag-and-drop message management, threaded message listing, and find-as-you-type address-book lookup. It provides full support for MIME and HTML messages, rich-text composition, multiple sender identities, and spell checking. The address book supports vCard, group management, and LDAP directory integration. Additional capabilities include PGP encryption via Mailvelope, OAuth authentication, shared and global IMAP folders with ACL support, IDNA support, and a template system for custom themes.

Security

In 2023, the pro-Russia hacking group Winter Vivern [11] exploited a cross-site scripting vulnerability in Roundcube to attack European government entities and a think tank, as reported by researchers from ESET. [12] Opening a malicious email was sufficient to trigger the exploit, which could read folder contents and forward messages to attacker-controlled servers. [13]

References

  1. "Dev_Members - Roundcube Webmail - Trac". Trac.roundcube.net. Archived from the original on October 2, 2011. Retrieved September 19, 2011.
  2. "Security updates 1.6.13 and 1.5.13 released". February 8, 2026. Retrieved February 24, 2026.
  3. "Changeset 5787 - Roundcube Webmail". Archived from the original on April 26, 2012.
  4. "RoundCube Webmail 0.1-stable released". roundcube.net. March 4, 2008. Retrieved March 8, 2024.
  5. "Tweet from @roundcubenext".
  6. "RoundCube-Next is Woefully Behind Schedule". Phoronix. Archived from the original on October 19, 2021. Retrieved October 19, 2021.
  7. "In 2018, RoundCube Next Remains Dead In The Water". Phoronix. Archived from the original on October 19, 2021. Retrieved August 9, 2019.
  8. "What about Roundcube Next? · Issue #6030 · roundcube/roundcubemail". GitHub. Archived from the original on October 19, 2021. Retrieved August 9, 2019.
  9. Korotaev, Mikhail (November 29, 2023). "Open source email pioneer Roundcube joins the Nextcloud family". Nextcloud Blog. Retrieved December 2, 2023.
  10. Rudra, Sourav (December 1, 2023). "Open-Source Webmail Roundcube Joins Nextcloud". ItsFOSS.com. Retrieved December 2, 2023.
  11. "Winter Vivern | Uncovering a Wave of Global Espionage". March 16, 2023.
  12. "ESET Research: Winter Vivern attacks Roundcube webmail servers of governments in Europe through zero-day vulnerability". ESET. October 25, 2023. Archived from the original on October 28, 2023. Retrieved October 28, 2023.
  13. "Pro-Russia hackers target inboxes with 0-day in webmail app used by millions". Ars Technica. October 25, 2023.