Skip to content

Releases: ddavness/power-mailinabox

v0.50.POWER.0

26 Sep 23:49
@ddavness ddavness
v0.50.POWER.0
689df9c
Compare
Choose a tag to compare
v0.50.POWER.0

Relevant changes imported from upstream (Mail-in-a-Box v0.50)

  • An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced;
    • We already imported this change from master, but it's now in line with what they have got.
  • The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT;
  • autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary;
  • IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. (Example: xfr:2001:db8:85a3:3fa::7344)
    • We already had this, but it should be more robust now.
  • TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains;
  • User passwords can now have spaces;
  • Status checks for automatic subdomains have been moved into the section for the parent domain;
  • The default web page served on fresh installations now adds the noindex meta tag;
  • The HSTS header is revised to also be sent on non-success responses (e.g. 404s);
  • There is now an API documentation in api/docs that needs to be built.
    • Power-MiaB has new endpoints which are also documented.
Assets 2
Loading

v0.48.POWER.0

26 Aug 22:14
@ddavness ddavness
v0.48.POWER.0
a336931
Compare
Choose a tag to compare
v0.48.POWER.0

Changes imported from upstream (Mail-in-a-Box v0.48)

  • Updated Roundcube to version 1.4.8 to fix more XSS security vulnerabilities.
Assets 2
Loading

v0.47.POWER.0

30 Jul 13:44
@ddavness ddavness
v0.47.POWER.0
0cf4ed9
Compare
Choose a tag to compare
v0.47.POWER.0

Changes imported from upstream (Mail-in-a-Box v0.47)

  • Roundcube is updated to version 1.4.7 fixing a cross-site scripting (XSS) vulnerability with HTML messages with malicious svg/na$
  • SSH connections are now rate-limited at the firewall level (in addition to fail2ban)
Assets 2
Loading

v0.46.POWER.5 - Point-release LTS fixes

25 Jul 23:09
@ddavness ddavness
v0.46.POWER.5
dd7899a
Compare
Choose a tag to compare
v0.46.POWER.5 - Point-release LTS fixes

Fixes

  • The setup would refuse to work on Ubuntu's LTS point release (Ubuntu 20.04.1 LTS). I have corrected the lsb_release check and it now correctly recognizes point releases as supported.
  • dnspython released version 2.0.0, and with that, resolver.query() has been deprecated. You might have noticed some warns in your administrator emails about this. We're now calling the new method, resolver.resolve() - you shouldn't get any more messages concerning this.
    • I didn't submit the patch to the mainline MIAB because Ubuntu 18.04 still ships with dnspython 1.16.0 and as such resolver.resolve() does not exist.
Assets 2
Loading

v0.46.POWER.4 - User-initiated backups

22 Jul 10:57
@ddavness ddavness
v0.46.POWER.4
ac8c0ae
Compare
Choose a tag to compare
v0.46.POWER.4 - User-initiated backups

Fixes and internal changes

  • [CRITICAL] Fixed a bug where running the daily_tasks.sh cronjob would never actually finish (and the processes would never get cleaned up), causing a memory leak (in a matter of days the box could become unusable) - for more information, see this pull request;
  • The setup will no longer hardcode the php version/distribution name in scripts/files at setup-time. These are now fetched at runtime. (makes for cleaner code and avoids having unclean git statuses unnecessarily);

Feature additions

  • You can now forcefully initiate a backup from the admin panel (if backups are enabled).
Assets 2
Loading

v0.46.POWER.3 - Backups

29 Jun 08:47
@ddavness ddavness
v0.46.POWER.3
1d4d036
Compare
Choose a tag to compare
v0.46.POWER.3 - Backups

Fixes

  • I forgot to assign the PHP version dynamically in the backup script. This would make it impossible to do backups on Ubuntu (since php7.3 doesn't exist there)
Assets 2
Loading

v0.46.POWER.2 - MTA-STS Hotfix

28 Jun 09:13
@ddavness ddavness
v0.46.POWER.2
3876cba
Compare
Choose a tag to compare
v0.46.POWER.2 - MTA-STS Hotfix

This version tracks upstream v0.46

Fixes

  • MTA-STS policy should now be present in all domains.
  • robots.txt and favicon.ico logs are now disabled in all domains. (it's an .nginx.conf default now)
Assets 2
Loading

v0.46.POWER.1 - Certbot hotfix

27 Jun 20:34
@ddavness ddavness
v0.46.POWER.1
fcb44da
Compare
Choose a tag to compare
v0.46.POWER.1 - Certbot hotfix

This version tracks v0.46

Fixes

  • On certificate provisioning (admin panel), we're now also passing --register-unsafely-without-email.
Assets 2
Loading

v0.46.POWER.0

27 Jun 19:31
@ddavness ddavness
v0.46.POWER.0
7af4ab0
Compare
Choose a tag to compare
v0.46.POWER.0

This version tracks v0.46

Changes

  • Pulled commits from upstream, tracking v0.46
  • jquery updated to version 3.5.1
  • bootstrap updated to version 4.5.0
  • nextcloud updated to version 19.0.0
    • nextcloud/user_external updated to version 0.10.0

Fixes

  • Ensures compatiblity with minimal builds of Ubuntu (Oracle images) by installing the file package.
Assets 2
Loading

v0.46.POWER.RC.1 (Tracking updates)

21 Jun 22:00
@ddavness ddavness
v0.46.POWER.RC.1
7b357fa
Compare
Choose a tag to compare
v0.46.POWER.RC.1 (Tracking updates) Pre-release
Pre-release

Release Candidate:

  • Imported commits from upstream;
  • Updated dependencies
Assets 2
Loading