I tried to update roundcube but now it does not work

Vido · June 11, 2025, 10:29am

Hi there,
Since I got CVE at roundcube I tried to update it and I followed this guide but now I can’t access my webmail any more, I have backup did try restoring it but still can’t access webmail, can someone help ? TNX

sahsanu · June 11, 2025, 10:43am

Hi @Vido

To update it you should follow this guide:

I don’t know which are all the changes you did so maybe you must do something more…

Vido · June 11, 2025, 8:21pm

Hi @sahsanu,
tnx for the gude, so Im trying to follow it but Im having question

:~# v-add-sys-roundcube
root@hcp:~# cd /var/lib/roundcube/
root@hcp:/var/lib/roundcube# COMPOSER_ALLOW_SUPERUSER=1 composer -n update
Command 'composer' not found, but can be installed with:
apt install composer
root@hcp:/var/lib/roundcube# apt install composer

and is log bellow normal ?


# COMPOSER_ALLOW_SUPERUSER=1 composer -n update
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 5 updates, 0 removals
  - Upgrading guzzlehttp/guzzle (7.9.2 => 7.9.3)
  - Upgrading guzzlehttp/promises (2.0.4 => 2.2.0)
  - Upgrading guzzlehttp/psr7 (2.7.0 => 2.7.1)
  - Upgrading pear/crypt_gpg (v1.6.9 => v1.6.11)
  - Upgrading symfony/deprecation-contracts (v2.5.4 => v3.6.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Downloading symfony/deprecation-contracts (v3.6.0)
  - Upgrading symfony/deprecation-contracts (v2.5.4 => v3.6.0): Extracting archive
Generating autoload files
4 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.

and which user I should use the one which I specified while installing hestia ?

root@hcp:/var/lib/roundcube# COMPOSER_ALLOW_SUPERUSER=1 /home/slobodan/.composer/composer -n update
Composer could not detect the root package (roundcube/roundcubemail) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Generating autoload files
4 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
root@hcp:/var/lib/roundcube# /home/
korisnik/ opc/      slobodan/ ubuntu/

If you could help me clear some questions tnx

sahsanu · June 11, 2025, 8:25pm

Yes, it’s normal. I see no problem.