Une mise à jour de sécurité est en cours concernant le webmail roundcube.
Explications détaillées
https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
La mise à jour de sécurité est terminée.
Explications détaillées
J’ai d’abord tenté une mise à jour classique mais ce fut un échec, j’ai rencontré successivement ces erreurs en essayant de corriger la situation de diverses façon.
Info : DEBUG - + php8.3 /var/www/roundcube/composer.phar install --no-dev -d /var/www/roundcube --no-interaction --no-ansi
Info : DEBUG - Composer plugins have been disabled for safety in this non-interactive session. Set COMPOSER_ALLOW_SUPERUSER=1 if you want to allow plugins to run as root/super user.
Info : DEBUG - Do not run Composer as root/super user! See https://getcomposer.org/root for details
Info : DEBUG - For additional security you should declare the allow-plugins config with a list of packages names that are allowed to run code. See https://getcomposer.org/allow-plugins
Info : DEBUG - This warning will become an exception once you run composer update!
Info : DEBUG - Loading "roundcube/plugin-installer" which is a legacy composer-installer built for Composer 1.x, it is likely to cause issues as you are running Composer 2.x.
Info : DEBUG - Installing dependencies from lock file
Info : DEBUG - Verifying lock file contents can be installed on current platform.
Info : DEBUG - Your lock file does not contain a compatible set of packages. Please run composer update.
Info : DEBUG -
Info : DEBUG - Problem 1
Info : DEBUG - - Root composer.json requires php >=5.4.0 <8 but your php version (8.3.21) does not satisfy that requirement.
Info : DEBUG - Problem 2
Info : DEBUG - - kolab/net_ldap3 is locked to version dev-master and an update of this package was not requested.
Info : DEBUG - - kolab/net_ldap3 dev-master requires pear/net_ldap2 >=2.0.12 -> found pear/net_ldap2[dev-master] but it does not match the constraint.
Info : DEBUG -
Info : DEBUG - Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
ET
Info : DEBUG - Your requirements could not be resolved to an installable set of packages.
Info : DEBUG -
Info : DEBUG - Problem 1
Info : DEBUG - - This package requires php >=5.4.0 <8 but your PHP version (8.3.21) does not satisfy that requirement.
ET
- Removing pear/net_ldap2 (v2.2.0)
Info : DEBUG - - Removing pear/net_idna2 (v0.2.0)
Info : DEBUG - - Removing kolab/net_ldap3 (v1.1.3)
Info : DEBUG -
Info : DEBUG -
Info : DEBUG - [RuntimeException]
Info : DEBUG - Failed to execute git show-ref --head -d
Info : DEBUG -
Info : DEBUG - fatal: detected dubious ownership in repository at '/var/www/roundcube__2/vendor/kolab/net_ldap3'
Info : DEBUG - To add an exception for this directory, call:
Info : DEBUG -
Info : DEBUG - git config --global --add safe.directory /var/www/roundcube__2/vendor/kolab/net_ldap3
J’ai donc opté pour installer un nouveau roundcube temporaire supplémentaire et j’ai copié les dépendances:
mv /var/www/roundcube__3/.composer /var/www/roundcube__2/.composer
mv /var/www/roundcube__3/vendor /var/www/roundcube__2/vendor
cp /var/www/roundcube__3/composer.json /var/www/roundcube__2/
cp /var/www/roundcube__3/composer.lock /var/www/roundcube__2/
Puis j’ai mis à jour et c’est passé !
yunohost app upgrade roundcube__2
1 « J'aime »