I work in InfoSec and my threat feeds warned me about a RoundCube vulnerability.
I was glad to see on the GitHub page that mailinabox has a new release with updated RoundCube.
I went to Mail-in-a-Box Maintenance Guide to read the upgrade instructions. I quote from the page:
Upgrading Mail-in-a-Box
You should move to the latest Mail-in-a-Box release as releases are posted, especially if an update addresses any security issues, although you do not necessarily need to do so. We will post release announcements to our twitter account @mailinabox, the announcements section of the discussion forum, and our Slack chat (see the homepage).
- The Twitter account is no longer active. It does mention a Mastodon account Mail-in-a-Box (@MailInABox@fosstodon.org) - Fosstodon though.
- It wasn’t announced in the announcements section of the forum. The last activity there was from 2022.
- Slack: the URL https://mailinabox.email/slack/ gives me a 502 Bad Gateway
I fully appreciate that communication channels can and will evolve over time, and often with good reason. Can this be reflected in the documentation on the website?
I propose the following changes:
- REMOVE link to Twitter (no longer in use)
- REMOVE link to announcements on forum (no longer in use)
- REMOVE link to Slack (broken)
- ADD link to Mastodon (in active use and current)
- ADD link to GitHub releases page Releases · mail-in-a-box/mailinabox · GitHub (in active use and current)
If there is agreement, then I will submit a pull request to the git repo that holds the website: GitHub - mail-in-a-box/mailinabox.email: The website at mailinabox.email.