mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2025-04-04 00:17:06 +00:00
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
This commit is contained in:
commit
ac35bdc544
27
CHANGELOG.md
27
CHANGELOG.md
@ -6,12 +6,37 @@ In Development
|
||||
|
||||
Mail:
|
||||
|
||||
* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed.
|
||||
* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
|
||||
* MTA-STS reporting is enabled with reports sent to administrator@ the primary hostname.
|
||||
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
|
||||
|
||||
DNS:
|
||||
|
||||
* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
|
||||
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
|
||||
|
||||
TLS:
|
||||
|
||||
* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
|
||||
|
||||
Control Panel:
|
||||
|
||||
* User passwords can now have spaces.
|
||||
* Status checks for automatic subdomains have been moved into the section for the parent domain.
|
||||
* Typo fixed.
|
||||
|
||||
Web:
|
||||
|
||||
* The default web page served on fresh installations now adds the `noindex` meta tag.
|
||||
* The HSTS header is revised to also be sent on non-success responses.
|
||||
|
||||
v0.47 (July 29, 2020)
|
||||
---------------------
|
||||
|
||||
Security fixes:
|
||||
|
||||
* Roundcube is updated to version 1.4.7 fixing a cross-site scripting (XSS) vulnerability with HTML messages with malicious svg/namespace (CVE-2020-15562) (https://roundcube.net/news/2020/07/05/security-updates-1.4.7-1.3.14-and-1.2.11).
|
||||
* SSH connections are now rate-limited at the firewall level (in addition to fail2ban).
|
||||
|
||||
v0.46 (June 11, 2020)
|
||||
---------------------
|
||||
|
@ -1,6 +1,7 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>this is a mail-in-a-box</title>
|
||||
<meta name="robots" content="noindex">
|
||||
</head>
|
||||
<body>
|
||||
<h1>this is a mail-in-a-box</h1>
|
||||
|
@ -288,7 +288,7 @@ function aliases_remove(elem) {
|
||||
},
|
||||
function(r) {
|
||||
// Responses are multiple lines of pre-formatted text.
|
||||
show_modal_error("Remove User", $("<pre/>").text(r));
|
||||
show_modal_error("Remove Alias", $("<pre/>").text(r));
|
||||
show_aliases();
|
||||
});
|
||||
});
|
||||
|
@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
|
||||
# want to display in status checks.
|
||||
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 18.04.
|
||||
TAG=v0.46
|
||||
TAG=v0.47
|
||||
|
||||
elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 14.04.
|
||||
|
@ -29,8 +29,8 @@ apt_install \
|
||||
# Install Roundcube from source if it is not already present or if it is out of date.
|
||||
# Combine the Roundcube version number with the commit hash of plugins to track
|
||||
# whether we have the latest version of everything.
|
||||
VERSION=1.4.6
|
||||
HASH=44961ef62bb9c9875141ca34704bbc7d6f36373d
|
||||
VERSION=1.4.7
|
||||
HASH=49F194D25AC7B9BF175BD52285BB61CDE7BAED44
|
||||
PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435
|
||||
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
|
||||
CARDDAV_VERSION=3.0.3
|
||||
|
Loading…
Reference in New Issue
Block a user