Roundcube

Roundcube is a web-based IMAP email client. Roundcube's most prominent feature is the pervasive use of Ajax technology. Roundcube is free and open-source software subject to the terms of the GNU General Public License (GPL-3.0-or-later), with exceptions for skins and plugins.

History
After about two years of development the first stable release of Roundcube was announced in early 2008.

In November 2023, the open-source file hosting software suite Nextcloud announced its partnership with Roundcube.

Security concerns
In 2023, a pro-Russia hacking group Winter Vivern exploited a zero-day vulnerability in RoundCube to attack European government entities and a think tank, as reported by researchers from ESET. This vulnerability was essentially a cross-site scripting error, and it was used to inject JavaScript into the Roundcube server application. Simply viewing a malicious email was sufficient to allow the attackers to run arbitrary JavaScript code in the Roundcube user's browser window, allowing them to access folders and emails in that user's account and send those emails to the attackers' servers.

As of late 2023, the most recent eight releases (1.6.5, 1.5.6, 1.6.4, 1.5.5, 1.4.15, 1.5.4, 1.4.14 and 1.6.3) all contained XSS-related fixes.

Technology
Roundcube is written in PHP and can be employed in conjunction with a LAMP stack, or any other operating systems that support PHP are supported as well. The web server needs access to the IMAP server hosting the email and to an SMTP server to be able to send messages.

Roundcube Webmail is designed to run on standard web servers such as Apache, LiteSpeed, Nginx, Lighttpd, Hiawatha or Cherokee in conjunction with a relational database engine. Supported databases are MySQL, PostgreSQL and SQLite. The user interface is rendered in XHTML and CSS and is fully customizable with skins.

Roundcube incorporates jQuery as part of its distribution, as well as other libraries such as GoogieSpell and TinyMCE.

Roundcube comes included with CPanel as of early 2008.

Plugins
Starting with version 0.3, Roundcube introduced a plug-in API which allows non-standard features to be added without the need to modify the source code. A variety of plug-ins are available from the Plugin Repository.

Project "Roundcube Next"
On 3 May 2015, Roundcube announced, in partnership with Kolab Systems AG, that they planned to completely rewrite Roundcube and create Roundcube Next. A crowdfunding campaign was set up to finance the project. The goal of $80,000 was reached on June 24. The final amount raised was US$103,541.

Roundcube Next was intended to include additional features like calendar, chat and file management. This was to be implemented using WebRTC and connectors from popular services like Dropbox and OwnCloud.

However, Kolab Systems and Roundcube stopped development on the project in 2016, with no information or refunds provided to project backers, leading to a failed crowdfund. A Roundcube developer later claimed Roundcube had no ownership over the Roundcube Next campaign, despite its public engagement and ownership on the crowdfund page.

Current features

 * Ajax technology spread throughout the user interface, allowing features such as drag-and-drop message management
 * Multilingual with over 70 languages
 * Connects to any IMAPv4 server
 * Encrypted TLSv1.2 connection to IMAP server using PHP 5.6 TLS libraries
 * Full support for MIME and HTML messages
 * Sophisticated privacy protection
 * Compose richtext/HTML messages with attachments
 * Multiple sender identities
 * Threaded message listing
 * IDNA support
 * Full-featured address book based on vCard with group support
 * LDAP directory integration for address books
 * Find-as-you-type address book integration
 * Forwarding messages with attachments
 * Built-in caching for fast mailbox access
 * Searching messages and contacts
 * Spell checking
 * Support for external SMTP server
 * OAuth support
 * Support for shared/global folders and IMAP ACLs
 * IMAP folder management
 * Pretty Good Privacy (PGP) and Mailvelope support
 * Template system for custom themes
 * Canned response templates
 * Three column (widescreen) mailbox view

Notable installations
Roundcube is used by a number of universities to provide email services to students and staff such as Sanger Institute Tata Institute of Social Sciences, University of Florida, Harvard University, University of Utah, University of Oregon, Stevens Institute of Technology, Norwegian University of Science and Technology, the Technical University of Dortmund, the University of Cambridge, the Indian Institute of Technology, Delhi, Indian Institute of Technology, Bombay, Institute of Physics, Bhubaneswar, Indian Institute of Science Education and Research Kolkata, Indian Institute of Technology, Kanpur, Indian Institute of Technology, Madras, University of Victoria, Bard College at Simon's Rock and Bilkent University.

In a 2009 interview, two of Roundcube's core developers noted that the largest deployment to that date that they were aware of was at the University of Michigan with 70,013 students. Roundcube is also used in the Kolab Now service which supports its further development.

CPanel includes Roundcube, as a result of which many hosting companies around the world such as HostGator, Media Temple, Gandi, OVH and others use RoundCube. Roundcube Webmail IMAP client was also incorporated into epesiBIM (epesi Business Information Manager), a web-based, open source CRM-like application.

Apple's Mac OS X 10.7 Lion Server operating system provided Roundcube as the default webmail client in Mail Server. In prior versions, SquirrelMail had been the default client.

In 2013, Iran's Ministry of ICT launched the national email service at mail.post.ir which used Roundcube. Synology Inc.'s DiskStation Manager (DSM) uses Roundcube for their Mail Station package.