Releases: mailcow/mailcow-dockerized
Releases ยท mailcow/mailcow-dockerized
โก๐ Janmooary 2025 Update | The Update which changed the Full-text search (and which kicked out Nextcloud) | Revision A
โก๐ Janmooary 2025 Update | The Update which changed the Full-text search (and which kicked out Nextcloud) | Revision A
Latest
Warning
This update includes a fixed security issue.
Detailed information as well as CVE will follow in the next days.
What's Changed
- Remove discontinued Nixspam DNSBL by @mkuron in #6260
- clamd: update to 1.4.2 + build from source instead using alpine packages by @DerLinkman in #6273
- [Nginx] Fix by @FreddleSpl0it in #6281
- postfix: added master.pid removal and startsecs to supervisord by @DerLinkman in #6284
- [Postfix] update postscreen_access.cidr by @milkmaker in #6287
- [Nginx] Use vhosts for additional server names by @FreddleSpl0it in #6290
- [Nginx] Invert SKIP container condition 97890b7
- [Nginx] Add env var for HTTP to HTTPS redirection e645f93
Full Changelog: 2025-01...2025-01a
Blog: https://mailcow.email/posts/2025/release-2025-01/
Contributors
mkuron, DerLinkman, and 2 other contributors
Assets 2
โก๐ Janmooary 2025 Update | The Update which changed the Full-text search (and which kicked out Nextcloud)
Caution
Please create a backup before updating, as several internal components got major changes
FTS Changes
Due to the FTS change, all previous Solr Indices are unused. Once updated, FTS will be disabled automatically. If you had it enabled, change the Variable SKIP_FTS from y to n.
Nextcloud Removal
This update removes the integrated Nextcloud helper-script. Any running installations with the Nextcloud implementation are unsupported. Please consider a switch to a native Nextcloud installation instead.
Important
UI changes (related to netfilter-mailcow)
If you used the external Fail2Ban List Endpoint, you have to change the Endpoint URL to the one displayed in mailcow UI, as it has changed with this update.
For Systems with disabled IPv6
This Update included some changes for NGINX, make sure to check out the updated Disable IPv6 Documentation to apply the changes if needed.
Warning
This update include a fixed security issue. Which can only be exploited if an attacker has access to a victims computer.
Detailed information as well as CVE will follow in the next days.
What's Changed
- [Nginx] Use jinja2 for templating nginx configuration by @FreddleSpl0it in #6177
- [Web] remove f2b banlist from json_api.php by @FreddleSpl0it in #6168
- Enable password protection for Redis by @FreddleSpl0it in #6146
- [Web] add missing translation for ratelimit in templates overview by @FreddleSpl0it in #6180
- [Web] Add additional columns to _sogo_static_view by @FreddleSpl0it in #6181
- [Web] allow dots in dkim selectors by @FreddleSpl0it in #6182
- Only show active protocols on "last login" in mailbox overview by @Habetdin in #6076
- Update Russian translation by @Habetdin in #6184
- Translations update from Weblate by @milkmaker in #6190
- [Postfix] update postscreen_access.cidr by @milkmaker in #6189
- fix: check docker version fail in generate_config.sh #6187 by @i-curve in #6188
- Add initial Japanese language files by @kotaroman in #6198
- Implement search mailboxes by fullname by @h3ssan in #6186
- Remove legacy Nextcloud settings by @MAGICCC in #6050
- Add create command to prevent external: true warnings by @codiflow in #6203
- sogo: added SOGoDisableOrganizerEventCheck value to sogo.conf by @DerLinkman in #6204
- Translations update from Weblate by @milkmaker in #6206
- dovecot: replace solr fts with flatcurve (xapian) by @DerLinkman in #5680
- Translations update from Weblate by @milkmaker in #6209
- Translations update from Weblate by @milkmaker in #6221
- [Postfix] update postscreen_access.cidr by @milkmaker in #6232
- Translations update from Weblate by @milkmaker in #6235
- Translations update from Weblate by @milkmaker in #6238
- add temporary email description by @marekfilip in #6001
- Improve the existing validation flow for sieve filter by @PhoenixPeca in #6205
- Fix missing property in Create Sync Job request by @jan-oratowski in #6211
- Fix community support url by @gwelch-contegix in #6245
- Reduce sa rules download retry limit to 5 by @alyxto in #6225
- chore(deps): update actions/stale action to v9.1.0 by @renovate in #6247
- [Nginx] move conf.d include to end of nginx.conf by @FreddleSpl0it in #6256
New Contributors
- @i-curve made their first contribution in #6188
- @kotaroman made their first contribution in #6198
- @codiflow made their first contribution in #6203
- @marekfilip made their first contribution in #6001
- @jan-oratowski made their first contribution in #6211
- @gwelch-contegix made their first contribution in #6245
- @alyxto made their first contribution in #6225
Full Changelog: 2024-11b...2025-01
Blog: https://mailcow.email/posts/2025/release-2025-01/
Contributors
renovate, kotaroman, and 13 other contributors
Assets 2
๐ฎ๐ Moovember | Mailbox Rename, SOGo 5.11.1, Rspamd 3.10.2, and More | Revision B
Note
This Release Marks Revision B for 2024-11 and is fixing some bugs from 2024-11(a)
What's Changed
- mysql: increased thread_stack to 192k since 10.5.27 by @DerLinkman in d10d64d
- [Web] broadcast maildir move to dovecot containers on mailbox_rename by @FreddleSpl0it in 6d1f748
- [Web] update _sogo_static_view on password reset by @FreddleSpl0it in b9f52df
Full Changelog: 2024-11a...2024-11b
Contributors
DerLinkman and FreddleSpl0it
Assets 2
๐ฎ๐ Moovember | Mailbox Rename, SOGo 5.11.1, Rspamd 3.10.2, and More | Revision A
Note
This Release Marks Revision A for 2024-11 and is fixing some critical bugs from 2024-11
What's Changed
- update.sh: precaution ask for deletion of dns_blocklists.cf if old format by @DerLinkman in #6154
- [Web] Updated lang.zh-cn.json by @milkmaker in #6151
- compose: bump sogo version to include 5.11.2 by @DerLinkman in #6156
- php: use correct php image + workaround of #6149 by @DerLinkman & @FreddleSpl0it in #6159
Full Changelog: 2024-11...2024-11a
Contributors
DerLinkman, FreddleSpl0it, and milkmaker
Assets 2
๐ฎ๐ Moovember | Mailbox Rename, SOGo 5.11.1, Rspamd 3.10.2, and More
Caution
We got some reports of postfix not starting correctly (see #6143) before update delete the dns_blocklists.cf file in your data/conf/postfix folder to make sure this file is properly regenerated.
What's Changed
- Translations update from Weblate by @milkmaker in #6039
- Translations update from Weblate by @milkmaker in #6049
- Translations update from Weblate by @milkmaker in #6053
- [Postfix] update postscreen_access.cidr by @milkmaker in #6056
- feat: Added check for newer version tags on remote by @Finnlife in #6054
- chore(deps): update peter-evans/create-pull-request action to v7 by @renovate in #6059
- compose: added clamd as depends_on to rspamd by @DerLinkman in #6062
- [PHP-FPM] Use redis as session store by @FreddleSpl0it in #6044
- [SOGo] Fix vacation auto reply date shifting by @FreddleSpl0it in #6057
- show last sso login in mailbox table by @q16marvin in #5724
- feat/nginx-mailcow_brazilian-translations by @airon-assustadus in #6048
- Translations update from Weblate by @milkmaker in #6064
- Add missing
Russiantranslation by @h3ssan in #6065 - fix: added tls1.0/1.1 patch for openssl when using older tls versionsโฆ by @DerLinkman in #6105
- chore(deps): update thollander/actions-comment-pull-request action to v3 by @renovate in #6102
- [Postfix] update postscreen_access.cidr by @milkmaker in #6093
- chore(deps): update dependency nextcloud/server to v28.0.11 by @renovate in #6101
- chore(deps): update dependency phpredis/phpredis to v6.1.0 by @renovate in #6098
- chore(deps): update dependency php/pecl-mail-mailparse to v3.1.8 by @renovate in #6096
- chore(deps): update dependency krakjoe/apcu to v5.1.24 by @renovate in #6087
- sogo: upgrade to 5.11.1 by @DerLinkman in #6109
- postfix: add X-Original-To header per default by @DerLinkman in #6110
- php: upgrade to alpine 3.20 (base os) by @DerLinkman in #6106
- Update dependency twig/twig to v3.14.0 by @MAGICCC in #6071
- dovecot: activate lazy_expunge plugin per default (unconfigured) by @DerLinkman in #6112
- Update mime_types.conf configuration by @patschi in #6013
- lang.zh-tw.json "memory" translation fix by @SamWang8891 in #6114
- rspamd: update to 3.10.1 by @DerLinkman in #6115
- Translations update from Weblate by @milkmaker in #6120
- Feat/rspamd 3.10.2 by @DerLinkman in #6122
- Translations update from Weblate by @milkmaker in #6123
- [Web][DockerApi] Add Feature to Rename Email Addresses by @FreddleSpl0it in #6045
- chore(deps): update thollander/actions-comment-pull-request action to v3.0.1 by @renovate in #6130
- [Postfix] update postscreen_access.cidr by @milkmaker in #6129
- fix: broken sogo cron notifications (for appointments etc.) by @DerLinkman in #6128
- Translations update from Weblate by @milkmaker in #6140
New Contributors
- @Finnlife made their first contribution in #6054
- @q16marvin made their first contribution in #5724
- @airon-assustadus made their first contribution in #6048
- @SamWang8891 made their first contribution in #6114
Full Changelog: 2024-08a...2024-11
Contributors
renovate, patschi, and 9 other contributors
Assets 2
๐ถ๏ธ๐ Moogust Update 2024 | Revision A (Dovecot CVE Fixes)
What's Changed
- fix: ๐ Fixed version parsing of docker by @jkrgr0 in #6016
- Refactor/Change Dockerfiles cmd from shell to exec form by @h3ssan in #6019
- dovecot: added timeout option when sa-rules cannot be downloaded by @DerLinkman in #6025
- containers: use mariadb-admin instead of deprecated mysqladmin by @DerLinkman in #6026
- Fix: bash variables are not quoted by @h3ssan in #6022
- Replace weird character to the correct
'by @h3ssan in #6029 - Pushover/Quarantine utf 8 fix - fixes #6028 by @bluewalk in #6031
- 2024-08a by @DerLinkman in #6033
- Fix: Escape a
'character inupdate.shby @h3ssan in #6034
New Contributors
Full Changelog: 2024-08...2024-08a
Blog: https://mailcow.email/posts/2024/release-2024-08/
Contributors
jkrgr0, bluewalk, and 2 other contributors
Assets 2
๐ถ๏ธ๐ Moogust Update 2024 | Forgot Password?, SOGo 5.11, Rspamd 3.9.1 and More
What's Changed
- Translations update from Weblate by @milkmaker in #5980
- Allow prompt-less install on low-resource systems by @Ayowel in #5804
- dovecot: fix precompiling of sieve scripts by @DerLinkman in #5983
- Greek names of dovecot folders by @rallisf1 in #5972
- ui: added enotify and mime as valid options for ui by @DerLinkman in #5985
- Bug Fix: Check
mailcow.confexists before work with it by @h3ssan in #5987 - Fix typo in
update.sh: word Proceeding by @h3ssan in #5989 - Fix
LABELin Dockerfile, should be key=value by @h3ssan in #5990 - fix: change internal urls for containers using curl on alpine by @Doozy134 in #5967
- rspamd: upgrade to rspamd 3.9.1 by @DerLinkman in #5661
- Refactor:
update.shscript with--helpshould exit with status code 0 by @h3ssan in #5991 - [Fix] Watchdog: escape subject and body for webhooks by @mrclschstr in #5773
- Translations update from Weblate by @milkmaker in #5995
- Filter to limit ofelia scope by @Kitof in #5776
- restore: remove tty requirement from restore process to allow for automated restores by @muhlba91 in #5934
- Translations update from Weblate by @milkmaker in #5999
- [Rspamd] Fix bayes config by @dragoangel in #6000
- sogo: update to 5.11.0 + Rebase on Bookworm by @DerLinkman in #6002
- unbound: fix healthcheck logging + added fail tolerance to checks by @DerLinkman in #6004
- flatcurve-fts: limit tokenizers size in e-mail adress by @DerLinkman in #6006
- [Web] Add a forgot password flow by @FreddleSpl0it in #6009
- .github: Add pull_request_template.md by @DerLinkman in #6011
Sponsoring
Thank you to the Youth Foundation of Baden-Wรผrttemberg (Germany) for sponsoring the "Forgot Password?" feature!
New Contributors
- @Ayowel made their first contribution in #5804
- @rallisf1 made their first contribution in #5972
- @h3ssan made their first contribution in #5987
- @SailReal made their first contribution in #5945
- @Doozy134 made their first contribution in #5967
- @mrclschstr made their first contribution in #5773
- @Kitof made their first contribution in #5776
- @muhlba91 made their first contribution in #5934
Full Changelog: 2024-07...2024-08
Blog Post for additional informations: https://mailcow.email/posts/2024/release-2024-08/
Contributors
Kitof, muhlba91, and 10 other contributors
Assets 2
๐ฅ๐ Mooly Update 2024 | Security Update
โ ๏ธ Vulnerabilities fixedโ ๏ธ
CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability
CVE-2024-41959 - XSS Vulnerability via API Logs
CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration
What's Changed
- Do not add MAILCOW_WHITE on failed DMARC by @dragoangel in #5971
- [Postfix] update postscreen_access.cidr by @milkmaker in #5974
- Security fixes by @FreddleSpl0it in #5976
Full Changelog: 2024-06c...2024-07
Contributors
dragoangel, FreddleSpl0it, and milkmaker
Assets 2
๐๐ Moone Update 2024 | Revision C
What's Changed
- Revert "Update debug.twig to include a link to the git project URL for the mailcow version tag" by @DerLinkman in #5955
- Revert "php: Rebase on Debian 12" by @DerLinkman in #5956
Full Changelog: 2024-06b...2024-06c
Contributors
DerLinkman
Assets 2
๐๐ Moone Update 2024 | Revision B
What's Changed
- Enhanced regular expression for THREADS parameter by @torzech in #5634
- php: Rebase on Debian 12 to fix DNS Resolution bug (for now) by @DerLinkman in #5951
- web: remove WIP notice for ARM64 from ui by @DerLinkman in fc7ea7a
- [Postfix] update postscreen_access.cidr by @milkmaker in #5930
New Contributors
Full Changelog: 2024-06a...2026-06b
Contributors
torzech, DerLinkman, and milkmaker