It looks like its possible to manually patch this: I only found the program/lib/Roundcube/rcube_string_replacer.php under /usr/local/lib/roundcubemail/program/lib/Roundcube/rcube_string_replacer.php and made edits to the file directly.
I did not find tests/Framework/StringReplacer.php
or
tests/Framework/Text2Html.php
Anyone able to check my rationale here? I can’t upgrade Ubuntu 18 → 22 and (miab version) at this time.
I think it’s best and easiest for you to update the complete roundcube. Then you have all the security updates included, and no mess with editing individual files.
Start by editing the file setup/webmail.sh in the mail in a box folder. Then change VERSION to 1.5.6 (it should be on 1.5.2 or so)
Once you run sudo setup/webmail.sh you’ll get an error on mismatching hash. Use the hash there to update HASH= variable in the sh file. Run sudo setup/webmail.sh again to really install roundcube.
If it does not work you can roll back by reversing the changes to the sh file and running it again.
I’ve already modified the actual file, but this would bring me from 1.5.2 to 1.5.6 which probably has other enhancements. If I’m reading this correctly. You can just jump from one to the other?
Looking at the release notes, 1.5.3 has a number of fixes while 1.5.4 through 1.5.6 are security updates. That means no breaking changes are foreseen, and you can indeed jump these versions.
But it’s good you mention this, to be sure, you can backup the database, stored under /home/user-data/mail/roundcube.