diff --git a/CHANGELOG.md b/CHANGELOG.md
index 57fc8102..a9c78f33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,13 +33,23 @@ v1.8.0 - 2020-09-28
 - Features: Added CardDAV-Plugin for webmail roundcube. ([#1298](https://github.com/Mailu/Mailu/issues/1298))
 - Features: Allow users to use server-sided full-text-search again by adding the dovecot fts-xapian plugin ([#1320](https://github.com/Mailu/Mailu/issues/1320))
 - Features: Relay a domain to a nonstandard SMTP port by adding ":<port_num>" to the remote hostname or IP address. ([#1357](https://github.com/Mailu/Mailu/issues/1357))
+- Features: Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix. ([#1478](https://github.com/Mailu/Mailu/issues/1478))
 - Features: Introduce option to disable dovecot full-text-search by an enviroment variable. ([#1538](https://github.com/Mailu/Mailu/issues/1538))
 - Features: Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. ([#1635](https://github.com/Mailu/Mailu/issues/1635))
+- Bugfixes: Fix the password encoding upon authentication ([#1139](https://github.com/Mailu/Mailu/issues/1139))
+- Bugfixes: Fix piping mail into rspamd when moving from/to junk-folder ([#1177](https://github.com/Mailu/Mailu/issues/1177))
+- Bugfixes: Separate HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI because of different ports ([#1190](https://github.com/Mailu/Mailu/issues/1190))
+- Bugfixes: Make postfix mailqueue persistent ([#1208](https://github.com/Mailu/Mailu/issues/1208))
+- Bugfixes: Kubernetes manifests updated to be compatible with Kubernetes 1.16 (breaks compatibility with older k8s versions) ([#1241](https://github.com/Mailu/Mailu/issues/1241))
 - Bugfixes: Use pip package for radicale to fix failing builds caused by [alpine]upstream package rebuild against different python version ([#1255](https://github.com/Mailu/Mailu/issues/1255))
+- Bugfixes: Ratelimit counts up on failed auth only now ([#1278](https://github.com/Mailu/Mailu/issues/1278))
 - Bugfixes: Disable Health checks on swarm mode ([#1289](https://github.com/Mailu/Mailu/issues/1289))
+- Bugfixes: Enable the From header for message delivery report in Roundcube and ensure DKIM Signature ([#1381](https://github.com/Mailu/Mailu/issues/1381))
+- Bugfixes: Fix alias resolution in regard to case: A specifically matching alias of wrong case is now preferred over a wildcard alias that might have »eaten« it previously. ([#1387](https://github.com/Mailu/Mailu/issues/1387))
 - Bugfixes: Show SPF records in accordance with RFC 7208: Previously we instructed admins to create SPF and TXT records, where only TXT records are correct now. !! Attention !! You need to manually remove the SPF-typed records and keep only TXT in your DNS. ([#1394](https://github.com/Mailu/Mailu/issues/1394))
 - Bugfixes: Cover relearning messages when moving bewteen Ham and Spam status ([#1438](https://github.com/Mailu/Mailu/issues/1438))
 - Bugfixes: Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings ([#1463](https://github.com/Mailu/Mailu/issues/1463))
+- Bugfixes: Allow IPv6 authenticated connections in PostgreSQL pg_hba.conf ([#1479](https://github.com/Mailu/Mailu/issues/1479))
 - Bugfixes: Check postfix mailqueue permissions before start-up ([#1486](https://github.com/Mailu/Mailu/issues/1486))
 - Bugfixes: Fixes certbot renewal ([#1564](https://github.com/Mailu/Mailu/issues/1564))
 - Improved Documentation: Added documentation that describes how spam filtering works in Mailu. ([#1167](https://github.com/Mailu/Mailu/issues/1167))
diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index fa127584..1e0b16c2 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -84,7 +84,7 @@ def get_status(protocol, status):
     return status, codes[protocol]
 
 def extract_host_port(host_and_port, default_port):
-    host, _, port = re.match('^(.*)(:([0-9]*))?$', host_and_port).groups()
+    host, _, port = re.match('^(.*?)(:([0-9]*))?$', host_and_port).groups()
     return host, int(port) if port else default_port
 
 def get_server(protocol, authenticated=False):
diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 8f6eaa0d..df598c94 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -106,7 +106,7 @@ http {
       {% endif %}
 
       # If TLS is failing, prevent access to anything except certbot
-      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not TLS_FLAVOR == "mail" %}
+      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
       location / {
         return 403;
       }
diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 72828ea6..8f35f609 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -126,3 +126,5 @@ milter_default_action = tempfail
 ###############
 # Extra Settings
 ###############
+{# Ensure that the rendered file ends with newline in order to make `postconf` work correctly #}
+{{- "\n" }}
diff --git a/docs/assets/screenshots/status.png b/docs/assets/screenshots/status.png
deleted file mode 100644
index 142c0c81..00000000
Binary files a/docs/assets/screenshots/status.png and /dev/null differ
diff --git a/docs/features.rst b/docs/features.rst
index 4aadef58..a5f2e0f4 100644
--- a/docs/features.rst
+++ b/docs/features.rst
@@ -16,10 +16,6 @@ Admin interface screenshots
 
    Managing email domains
 
-.. figure:: assets/screenshots/status.png
-
-   Displaying service status
-
 .. figure:: assets/screenshots/token.png
 
    Creating an authentication token
diff --git a/docs/reverse.rst b/docs/reverse.rst
index 9a7a7dc0..de710dff 100644
--- a/docs/reverse.rst
+++ b/docs/reverse.rst
@@ -225,6 +225,6 @@ You can also download the example configuration files:
 Disable completely Mailu reverse proxy
 --------------------------------------
 
-You can simply disable Mailu reverse proxy by removing the ``front`` section from the ``docker-compose.yml`` and use your own means to reverse proxy requests to the proper containers.
+You must not disable Mailu reverse proxy by removing the ``front`` section from the ``docker-compose.yml``.
 
-Be careful with this method as resolving container addresses outside the Docker Compose structure is a tricky task: there is no guarantee that addresses will remain after a restart and you are almost certain that addresses will change after every upgrade (and whenever containers are recreated).
+``front`` is handling authentication and is also proxying e.g. SMTP and IMAP. A basic HTTP reverse proxy as described in this document is not sufficient for this.
diff --git a/optional/fetchmail/fetchmail.py b/optional/fetchmail/fetchmail.py
index 98b61c4c..4be3c2bd 100755
--- a/optional/fetchmail/fetchmail.py
+++ b/optional/fetchmail/fetchmail.py
@@ -28,7 +28,7 @@ poll "{host}" proto {protocol}  port {port}
 
 
 def extract_host_port(host_and_port, default_port):
-    host, _, port = re.match('^(.*)(:([0-9]*))?$', host_and_port).groups()
+    host, _, port = re.match('^(.*?)(:([0-9]*))?$', host_and_port).groups()
     return host, int(port) if port else default_port
 
 
diff --git a/setup/templates/macros.html b/setup/templates/macros.html
index 4af20c4e..17cef872 100644
--- a/setup/templates/macros.html
+++ b/setup/templates/macros.html
@@ -12,7 +12,7 @@
 {% macro radio(name, value, emph, text, current) %}
   <div class="radio">
     <label>
-      <input type="radio" name="{{ name }}" value="{{ value }}"{% if current == value %} checked="checked"{% endif %}>
+      <input type="radio" name="{{ name }}" value="{{ value }}"{% if current == value %} checked="checked"{% endif %} required="required">
       {% if emph %}
       <strong>{{ emph }}</strong>,
       {% endif %}
diff --git a/towncrier/1478.feature b/towncrier/1478.feature
deleted file mode 100644
index fcfe6ea2..00000000
--- a/towncrier/1478.feature
+++ /dev/null
@@ -1 +0,0 @@
-Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix.
\ No newline at end of file
diff --git a/towncrier/newsfragments/1139.fix b/towncrier/newsfragments/1139.fix
deleted file mode 100644
index a096a718..00000000
--- a/towncrier/newsfragments/1139.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix the password encoding upon authentication
diff --git a/towncrier/newsfragments/1177.bug b/towncrier/newsfragments/1177.bug
deleted file mode 100644
index 752543d2..00000000
--- a/towncrier/newsfragments/1177.bug
+++ /dev/null
@@ -1 +0,0 @@
-Fix piping mail into rspamd when moving from/to junk-folder
diff --git a/towncrier/newsfragments/1190.fix b/towncrier/newsfragments/1190.fix
deleted file mode 100644
index fe365de9..00000000
--- a/towncrier/newsfragments/1190.fix
+++ /dev/null
@@ -1 +0,0 @@
-Separate HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI because of different ports
\ No newline at end of file
diff --git a/towncrier/newsfragments/1208.fix b/towncrier/newsfragments/1208.fix
deleted file mode 100644
index 04aee51f..00000000
--- a/towncrier/newsfragments/1208.fix
+++ /dev/null
@@ -1 +0,0 @@
-Make postfix mailqueue persistent
diff --git a/towncrier/newsfragments/1241.fix b/towncrier/newsfragments/1241.fix
deleted file mode 100644
index 5cfdc095..00000000
--- a/towncrier/newsfragments/1241.fix
+++ /dev/null
@@ -1 +0,0 @@
-Kubernetes manifests updated to be compatible with Kubernetes 1.16 (breaks compatibility with older k8s versions)
diff --git a/towncrier/newsfragments/1278.fix b/towncrier/newsfragments/1278.fix
deleted file mode 100644
index 9abf893c..00000000
--- a/towncrier/newsfragments/1278.fix
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Ratelimit counts up on failed auth only now
diff --git a/towncrier/newsfragments/1381.fix b/towncrier/newsfragments/1381.fix
deleted file mode 100644
index 8245ef72..00000000
--- a/towncrier/newsfragments/1381.fix
+++ /dev/null
@@ -1 +0,0 @@
-Enable the From header for message delivery report in Roundcube and ensure DKIM Signature 
diff --git a/towncrier/newsfragments/1387.bug b/towncrier/newsfragments/1387.bug
deleted file mode 100644
index ce6680ef..00000000
--- a/towncrier/newsfragments/1387.bug
+++ /dev/null
@@ -1 +0,0 @@
-Fix alias resolution in regard to case: A specifically matching alias of wrong case is now preferred over a wildcard alias that might have »eaten« it previously.
diff --git a/towncrier/newsfragments/1479.bug b/towncrier/newsfragments/1479.bug
deleted file mode 100644
index 7144a98e..00000000
--- a/towncrier/newsfragments/1479.bug
+++ /dev/null
@@ -1 +0,0 @@
-Allow IPv6 authenticated connections in PostgreSQL pg_hba.conf
\ No newline at end of file
diff --git a/towncrier/newsfragments/1669.bugfix b/towncrier/newsfragments/1669.bugfix
new file mode 100644
index 00000000..7409b2d2
--- /dev/null
+++ b/towncrier/newsfragments/1669.bugfix
@@ -0,0 +1 @@
+Fix "extract_host_port" function to support containers with custom / dynamic ports
diff --git a/towncrier/newsfragments/1686.bugfix b/towncrier/newsfragments/1686.bugfix
new file mode 100644
index 00000000..932d7d7c
--- /dev/null
+++ b/towncrier/newsfragments/1686.bugfix
@@ -0,0 +1 @@
+Fix letsencrypt access to certbot for the mail-letsencrypt flavour
diff --git a/towncrier/newsfragments/1696.misc b/towncrier/newsfragments/1696.misc
new file mode 100644
index 00000000..7e6b4e8c
--- /dev/null
+++ b/towncrier/newsfragments/1696.misc
@@ -0,0 +1 @@
+Hide x-powered-by PHP-version header from webmails
diff --git a/webmails/rainloop/php.ini b/webmails/rainloop/php.ini
index 39abbdd5..27992231 100644
--- a/webmails/rainloop/php.ini
+++ b/webmails/rainloop/php.ini
@@ -1,3 +1,4 @@
+expose_php=Off
 date.timezone=UTC
 upload_max_filesize = {{ MAX_FILESIZE }}M
 post_max_size = {{ MAX_FILESIZE }}M
diff --git a/webmails/roundcube/php.ini b/webmails/roundcube/php.ini
index 39abbdd5..27992231 100644
--- a/webmails/roundcube/php.ini
+++ b/webmails/roundcube/php.ini
@@ -1,3 +1,4 @@
+expose_php=Off
 date.timezone=UTC
 upload_max_filesize = {{ MAX_FILESIZE }}M
 post_max_size = {{ MAX_FILESIZE }}M