downtownallday
Joshua Tauberer
parent
30631b0fc5
commit
56074ae035
2 changed files with 8 additions and 0 deletions
|
|
@ -20,6 +20,10 @@ No features of Mail-in-a-Box have changed in this release, but with the newer ve
|
|||
* fail2ban is upgraded to 0.11.2.
|
||||
* nginx is upgraded to 1.18.
|
||||
|
||||
Also:
|
||||
|
||||
* Roundcube's login session cookie was tightened. Existing sessions may require a manual logout.
|
||||
|
||||
Version 57a (June 19, 2022)
|
||||
---------------------------
|
||||
|
||||
|
|
|
|||
|
|
@ -141,6 +141,10 @@ cat > $RCM_CONFIG <<EOF;
|
|||
\$config['login_username_filter'] = 'email';
|
||||
\$config['password_charset'] = 'UTF-8';
|
||||
\$config['junk_mbox'] = 'Spam';
|
||||
/* ensure roudcube session id's aren't leaked to other parts of the server */
|
||||
\$config['session_path'] = '/mail/';
|
||||
/* prevent CSRF, requires php 7.3+ */
|
||||
\$config['session_samesite'] = 'Strict';
|
||||
?>
|
||||
EOF
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue