v0.14
v0.14 (November 4, 2015) ------------------------ Mail: * Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.) * Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam. * Automatically create the Sent and Archive folders for new users. * The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail. * The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients. Calender/Contacts: * CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations. Web: * When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead. * If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served. * Accommodate really long domain names by increasing an nginx setting. Control panel: * Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission. * Added a random password generator on the users page to simplify creating new accounts. * When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security. * Fixed the jumpiness when a modal is displayed. * Focus is put into the login form fields when the login form is displayed. * Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web. * Status checks now check that secondary nameservers, if specified, are actually serving the domains. * Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed. * Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector. System: * Tweaks to fail2ban settings. * Fixed a spurrious warning while installing munin.
This commit is contained in:
parent
3fd1279e7d
commit
57b4c685df
3 changed files with 10 additions and 8 deletions
|
@ -1,8 +1,8 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
|
||||
In Development
|
||||
--------------
|
||||
v0.14 (November 4, 2015)
|
||||
------------------------
|
||||
|
||||
Mail:
|
||||
|
||||
|
|
12
README.md
12
README.md
|
@ -54,23 +54,25 @@ Clone this repository:
|
|||
$ cd mailinabox
|
||||
|
||||
_Optional:_ Download my PGP key and then verify that the sources were signed
|
||||
by me. You'll get a lot of warnings, but the fingerprint should match the
|
||||
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
|
||||
and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions anyway.)
|
||||
by me:
|
||||
|
||||
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
||||
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
||||
|
||||
$ git verify-tag v0.13b
|
||||
$ git verify-tag v0.14
|
||||
gpg: Signature made ..... using RSA key ID C10BDD81
|
||||
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
||||
gpg: WARNING: This key is not certified with a trusted signature!
|
||||
gpg: There is no indication that the signature belongs to the owner.
|
||||
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
|
||||
|
||||
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matchs the
|
||||
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
|
||||
and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.)
|
||||
|
||||
Checkout the tag corresponding to the most recent release:
|
||||
|
||||
$ git checkout v0.13b
|
||||
$ git checkout v0.14
|
||||
|
||||
Begin the installation.
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
#########################################################
|
||||
|
||||
if [ -z "$TAG" ]; then
|
||||
TAG=v0.13b
|
||||
TAG=v0.14
|
||||
fi
|
||||
|
||||
# Are we running as root?
|
||||
|
|
Loading…
Reference in a new issue