parent
30631b0fc5
commit
56074ae035
2 changed files with 8 additions and 0 deletions
|
@ -20,6 +20,10 @@ No features of Mail-in-a-Box have changed in this release, but with the newer ve
|
||||||
* fail2ban is upgraded to 0.11.2.
|
* fail2ban is upgraded to 0.11.2.
|
||||||
* nginx is upgraded to 1.18.
|
* nginx is upgraded to 1.18.
|
||||||
|
|
||||||
|
Also:
|
||||||
|
|
||||||
|
* Roundcube's login session cookie was tightened. Existing sessions may require a manual logout.
|
||||||
|
|
||||||
Version 57a (June 19, 2022)
|
Version 57a (June 19, 2022)
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
|
|
|
@ -141,6 +141,10 @@ cat > $RCM_CONFIG <<EOF;
|
||||||
\$config['login_username_filter'] = 'email';
|
\$config['login_username_filter'] = 'email';
|
||||||
\$config['password_charset'] = 'UTF-8';
|
\$config['password_charset'] = 'UTF-8';
|
||||||
\$config['junk_mbox'] = 'Spam';
|
\$config['junk_mbox'] = 'Spam';
|
||||||
|
/* ensure roudcube session id's aren't leaked to other parts of the server */
|
||||||
|
\$config['session_path'] = '/mail/';
|
||||||
|
/* prevent CSRF, requires php 7.3+ */
|
||||||
|
\$config['session_samesite'] = 'Strict';
|
||||||
?>
|
?>
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue