David Ferreira de Sousa Duque
|
d7d3561768
|
v0.48
Roundcube XSS vulnerability fixed.
-----BEGIN PGP SIGNATURE-----
iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9GpkcPHGp0QG9jY2Ft
cy5pbmZvAAoJELkgQfTBC92BoYAH/2NjdfN2d6f45uPq/X32bBAc6wfI7Cs9yCKp
LOrAfPlmE0jRSm9ThATfZvaWci2r2IFhsFzQ9bWHpbIP5YD7mDD50I2uTnZa9BV4
MsI40VXoh0BAgkWRqK60rTw0lQ9YGT+1TNLDEs1Y7vBjfTCOh4MMn4jUXkIEHDQg
2pSHY1RUq7T0wRaHS+rTPDccotS/xCGg6uZJ+gSlvhRdxakAe9mo8139KD/4fjT8
HK6igpwHsn3POg7mmJoSYXtScmWRYfnSV9kyfYyVyjhu5/uIowdICwFOzX7G7ruM
yA/azBlyMs898e5jYFR1tQqQ1rVYVy/nqCQOiyJa34ngHGSi41U=
=a9fn
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9G3ZEACgkQLzJ3OKPA
rjpEvQ//cG844Wv3samnABlRv2ZIjg6OXtjsE9OuN/O2exGhJ7wNhlJ5F3VyXP5Z
Tufm2HNc3sg9lQUVmyvFbSx03f/tgRdykH2HDS55Q3Q9YdpmZJBGlqsoMN/GIfjU
PDcLpN30XBt6S8qB/7d/U37ZW69OuFZLDRlwQZ66N/shxXkZSOp9U/9nH1Vf5OEU
/L5RVtsi/baDnauXDJWpyNsLKKEB4jCrlEiVI437cN2Yr3Y/d1u4pf3zQOEQmAGV
/A6fu2a9Kkc7IvcAKeoIvlyt+2gYw1zUDkBHf+LuSXGkxTt07L9Bjc7I6SY3DGo2
QiEVOMDPiKWl+0UQ73w/lwCUS7FbzaG/Mj2+c1pJ85UaZYbU5ovjJLesk+UPIG8Q
LmVCAHTw6QctZZi0BwP5epPk01zbeSBmRosT6b4l95G2sqh91CMNUjNRc7963yzB
Z36hpaWSqpGKyEjma9XFvGi9Tfkg1JxblLjmPVqbyez7bpAMgSw5FBWU1zjxjOmi
XOvGu/Fdu+gCre6IHfl8nTJNRc27UtJWTZjbQVl1OlbRx/h2QS/tKMpgN9VOrSV5
koi4TuX+T4kSE2S+atzlPOQuDIOHfdlxaU2mlwtqVfHBjlwE7FEcdfIGa5Pl6Blj
fFsDI7T6VGw2zup40vk/tRn5GY2KCPdp6rHhuCMA1PY6gerhhLw=
=3X2X
-----END PGP SIGNATURE-----
Merge upstream v0.48
|
2020-08-26 23:09:14 +01:00 |
|
Joshua Tauberer
|
62db58eaaf
|
v0.48
|
2020-08-26 14:11:01 -04:00 |
|
Joshua Tauberer
|
891de8d6c3
|
Upgrade Roundcube to 1.4.8
Merges #1809
|
2020-08-26 14:10:04 -04:00 |
|
David Duque
|
24c5d54f49
|
start.sh: Generate locales properly
|
2020-08-10 03:07:45 +01:00 |
|
David Duque
|
3d9f0e2135
|
Vagrant: Use libvirt/debian
|
2020-08-10 03:06:59 +01:00 |
|
David Duque
|
0cf4ed9a24
|
Version bump
|
2020-07-30 15:43:48 +01:00 |
|
David Duque
|
1ba62c6112
|
v0.47
v0.47 (July 29, 2020)
---------------------
Security fixes:
* Roundcube is updated to version 1.4.7 fixing a cross-site scripting (XSS) vulnerability with HTML messages with malicious svg/na$
* SSH connections are now rate-limited at the firewall level (in addition to fail2ban).
-----BEGIN PGP SIGNATURE-----
iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl8hh4APHGp0QG9jY2Ft
cy5pbmZvAAoJELkgQfTBC92BD8EIAKuNEHxgL0C0kkpAhuTlVXuoNEH/2FF6hYS7
7NqVrqOO1iVPGkGPhAh77CLpnvvJEhu9GeSWFhTrpI//5CvfafUQowmELClmDcYL
yxHqgoHX9O0PAd+uCLgO3MdAzFMVLNbPmt/uPgEHufnrrQGIGieB2iGWnf9xnnpf
wFSyQQnLofFpq7nH6qQvLNvh//zPQd7l/YV3ieEuT0dV4izg/Sr7Q5W6Zwn/q/ed
Btp4CizRFRFTmulIEM8an+jSXMMvdVkut6WDcl6ct8LZLoWwtEkWVeru9IVu4n9L
Lj8Bkt+8aRR6updnI/2tm0d7ZgFXWHc/+dfLCaK+aOlMD3qV9p0=
=xsgn
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl8i0EQACgkQLzJ3OKPA
rjopbg//T75ZyceGJVvDnzylhW65bIL8oUYiFLy/GOA39rmR1gjcwzHSaIP0kOtX
HPpm6rhPhVUKo8pjuWSvLnnNfz9QfJ4b6SqAN2Zg/hiqFdMEShGZNqvSQVvLkfxi
HHwa1C+TlRTD57HlVi9Y6TLX7YH65T9YmJol6KO30dGJRMIPssLg6K5k0Wf2Y2uG
E+6tipkiTPcHEaKIHUPdi5xxTL/QHVn+c+C0nsiflX7i9vC6P30e3yNsOvpk3q7V
XwD/bJfycUq8Qc5WhPsKoo287QY9XrkUco8vsVMDJJ1oCSIO1Ek5H/tgu2qB1QNJ
EGtcAYr09Fi8+5PLhmbTgRRWJ6ez6SaNnxsh8W5FhRpymgujoe4ghMiuYCwfHW13
ESB1KKZHGUiqP4nxHIgYyANrSP97qsZmVWUEQcwqhcP8BZY4NOzEsUKgIjTCTpVJ
CbRUJlgQow7s/R76aH3Crb7xhbE+2eQPDgKQ6AwDySWbPTDd3T6MtL0Oe2MZS8Wg
8mv02U+eqDfQ0TfD30vGIESARXJ1UJWfsLQzyyg7jBCTrIfSQt1IwFzXCASm78hs
kHN0/gmXUULQq0FslKV/zrfOsNEzKX+sCwjOMG7RMlWVcEVkRyXFvcajBj72mvZl
3kFOEqah8nErTStsP89Z+ltwfkVsWehu+vwP67NryRy4/B3y9fQ=
=CTVK
-----END PGP SIGNATURE-----
Merge upstream v0.47
|
2020-07-30 14:51:00 +01:00 |
|
hija
|
56d0289ed9
|
v0.47
|
2020-07-29 10:24:56 -04:00 |
|
Marcus Bointon
|
f253c40012
|
[backport] Add rate limiting of SSH in the firewall (#1770)
See #1767. Backport of cfc8fb484c .
|
2020-07-29 10:24:23 -04:00 |
|
Hilko
|
2c34a6df2b
|
Update roundcube to 1.4.7
|
2020-07-29 10:15:12 -04:00 |
|
David Duque
|
dd7899acca
|
Version bump
|
2020-07-26 01:03:28 +01:00 |
|
David Duque
|
5e597bb536
|
Update deprecated function from dnspython
|
2020-07-26 01:00:17 +01:00 |
|
David Duque
|
60911515fd
|
Support Ubuntu LTS point releases
|
2020-07-26 00:26:35 +01:00 |
|
David Duque
|
ac8c0ae762
|
Release v0.46.POWER.4
|
2020-07-22 12:45:18 +01:00 |
|
David Duque
|
16ae3038b3
|
Merge branch 'development'
|
2020-07-22 12:44:04 +01:00 |
|
David Duque
|
fc0bd12631
|
Acquire pools with the 'with' statement
|
2020-07-22 12:42:10 +01:00 |
|
David Duque
|
311e6c63e8
|
Render the 'Backup now' buttons even if there are already backups
|
2020-07-21 19:25:48 +01:00 |
|
David Duque
|
a0da88834c
|
Terminate the status checks process pool before exiting
|
2020-07-21 19:21:46 +01:00 |
|
David Duque
|
20b4f26e42
|
Use ubuntu/focal64 as main testbed
|
2020-07-15 15:28:47 +01:00 |
|
David Duque
|
c8fbe2dd5d
|
Determine the PHP version at runtime (instead of at setup-time)
|
2020-07-15 15:28:02 +01:00 |
|
David Duque
|
515a74ba11
|
Render the lsb_release at flask init time
Don't change the index.html file at setup time
|
2020-07-14 11:51:25 +01:00 |
|
David Duque
|
b562e7eefa
|
Hide the 'Create Backup' buttons when backups are turned off
|
2020-07-11 15:45:50 +01:00 |
|
David Duque
|
ccf60c7017
|
Backups: User-initiated and cron-initiated jobs will have the same lockname
So that some poor timing (initiating a backup when there's a cron-initiated backup)
doesn't screw everything up.
|
2020-07-11 09:16:32 +01:00 |
|
David Duque
|
e224b6b3b2
|
Update project status
|
2020-07-11 08:43:46 +01:00 |
|
David Duque
|
79e2398d71
|
Fix comment
|
2020-07-11 08:30:05 +01:00 |
|
David Duque
|
af9ef186b3
|
Add manual backup option
|
2020-07-10 15:48:37 +01:00 |
|
David Duque
|
199c2c50ba
|
Backups: Fix backup target selector width
|
2020-07-08 19:32:24 +01:00 |
|
David Duque
|
4a85250242
|
Revert vagrantfile to upstream config
|
2020-07-08 19:31:35 +01:00 |
|
David Duque
|
dd017c44c7
|
Update ideas section and roadmap
|
2020-07-08 15:00:04 +01:00 |
|
David Duque
|
3dfdb9a309
|
Update Vagrantfile to pull from development branch
|
2020-07-03 19:01:16 +01:00 |
|
David Duque
|
1d4d03637f
|
Version bump
|
2020-06-29 09:47:38 +01:00 |
|
David Duque
|
b98111b4e1
|
Fix unassigned php version
|
2020-06-29 09:13:50 +01:00 |
|
David Duque
|
3876cbac8a
|
Version bump
|
2020-06-28 10:06:50 +01:00 |
|
David Duque
|
ffc7e8d77e
|
Add comments explaining
|
2020-06-28 10:05:25 +01:00 |
|
David Duque
|
7f305ee02e
|
Add /.well-known/mta-sts.txt to all nginx dotfiles
|
2020-06-28 09:57:28 +01:00 |
|
David Duque
|
fcb44dafa3
|
Let's encrypt certbot hotfix
|
2020-06-27 21:32:36 +01:00 |
|
David Duque
|
7af4ab0f4f
|
Version bump
|
2020-06-27 20:27:49 +01:00 |
|
David Duque
|
7864055490
|
Upgrade Nextcloud
|
2020-06-27 19:39:03 +01:00 |
|
David Duque
|
7b357fa71b
|
Version bump (v0.46 rc)
|
2020-06-21 22:49:14 +01:00 |
|
David Duque
|
9a4cf4d7af
|
Update dependencies
|
2020-06-21 16:02:17 +01:00 |
|
David Duque
|
022a11e159
|
Merge remote-tracking branch 'up/master'
|
2020-06-21 15:52:31 +01:00 |
|
David Duque
|
74554bcbf3
|
Version bump
|
2020-06-21 15:45:34 +01:00 |
|
David Duque
|
5d6c23cff9
|
Finalize php configuration
|
2020-06-21 15:18:46 +01:00 |
|
David Duque
|
0ccbf1b809
|
Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
|
2020-06-21 15:05:17 +01:00 |
|
Joshua Tauberer
|
6fd3195275
|
Fix MTA-STS policy id so it does not have invalid characters, fixes #1779
|
2020-06-12 13:09:11 -04:00 |
|
David Duque
|
d01069f7f2
|
Automatically agree to ToS on SSL provision
|
2020-06-12 09:27:08 +01:00 |
|
Joshua Tauberer
|
224242dfde
|
Merge v0.46 point release branch
|
2020-06-11 12:25:49 -04:00 |
|
Joshua Tauberer
|
049bfb6f7f
|
v0.46
|
2020-06-11 12:23:18 -04:00 |
|
Joshua Tauberer
|
12d60d102b
|
Update Roundcube to 1.4.6
Fixes #1776
|
2020-06-11 12:21:17 -04:00 |
|
Joshua Tauberer
|
9db2fc7f05
|
In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag
Merges #1432, more or less.
|
2020-06-11 12:20:17 -04:00 |
|