diff --git a/CHANGELOG.md b/CHANGELOG.md
index 36656e53..56159450 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,12 +6,37 @@ In Development
Mail:
-* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed.
+* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
* MTA-STS reporting is enabled with reports sent to administrator@ the primary hostname.
+* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
DNS:
* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
+* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
+
+TLS:
+
+* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
+
+Control Panel:
+
+* User passwords can now have spaces.
+* Status checks for automatic subdomains have been moved into the section for the parent domain.
+* Typo fixed.
+
+Web:
+
+* The default web page served on fresh installations now adds the `noindex` meta tag.
+* The HSTS header is revised to also be sent on non-success responses.
+
+v0.47 (July 29, 2020)
+---------------------
+
+Security fixes:
+
+* Roundcube is updated to version 1.4.7 fixing a cross-site scripting (XSS) vulnerability with HTML messages with malicious svg/namespace (CVE-2020-15562) (https://roundcube.net/news/2020/07/05/security-updates-1.4.7-1.3.14-and-1.2.11).
+* SSH connections are now rate-limited at the firewall level (in addition to fail2ban).
v0.46 (June 11, 2020)
---------------------
diff --git a/conf/www_default.html b/conf/www_default.html
index edefc428..68d0366b 100644
--- a/conf/www_default.html
+++ b/conf/www_default.html
@@ -1,6 +1,7 @@
this is a mail-in-a-box
+
this is a mail-in-a-box
diff --git a/management/templates/aliases.html b/management/templates/aliases.html
index e8d0cb1c..848fcf49 100644
--- a/management/templates/aliases.html
+++ b/management/templates/aliases.html
@@ -288,7 +288,7 @@ function aliases_remove(elem) {
},
function(r) {
// Responses are multiple lines of pre-formatted text.
- show_modal_error("Remove User", $("").text(r));
+ show_modal_error("Remove Alias", $("").text(r));
show_aliases();
});
});
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index a499a2f1..7cc02d43 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
# want to display in status checks.
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
# This machine is running Ubuntu 18.04.
- TAG=v0.46
+ TAG=v0.47
elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
# This machine is running Ubuntu 14.04.
diff --git a/setup/webmail.sh b/setup/webmail.sh
index 7b15d287..71d4a858 100755
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -29,8 +29,8 @@ apt_install \
# Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of plugins to track
# whether we have the latest version of everything.
-VERSION=1.4.6
-HASH=44961ef62bb9c9875141ca34704bbc7d6f36373d
+VERSION=1.4.7
+HASH=49F194D25AC7B9BF175BD52285BB61CDE7BAED44
PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
CARDDAV_VERSION=3.0.3