2171: fixed plugin path r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
use correct plugin path to verify plugin list
### Related issue(s)
closes: #2168
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2144: Enable unbound by default, warn if the DNS resolver doesn't work r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Enable unbound by default, warn if the DNS resolver doesn't work
### Related issue(s)
- close#2135
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2158: supply missing fields argument r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
adds missing argument "fields" to login form.
### Related issue(s)
- closes#2155
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2150: fix 2145: exceptions may be thrown when login is invalid or rate-limits exceeded r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Exceptions may be thrown when login is invalid or rate-limits exceeded for those running very recent builds of 1.9
For some reason I haven't caught it while testing #2130... that's when it was introduced.
### Related issue(s)
- close#2145
- close#2146
- #2130
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2149: fix 2147: MESSAGE_SIZE_LIMIT wasn't working r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Set client_max_body_size in the server's scope.
I haven't tested it but it makes sense regardless.
### Related issue(s)
- closes#2147
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2141: update roundcube to 1.5.2 (security fix) r=mergify[bot] a=willofr
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
## What type of PR?
security fix
## What does this PR do?
Update roundcube from 1.5.1 to 1.5.2
This update fixes an XSS: https://roundcube.net/news/2021/12/30/update-1.5.2-released
### Related issue(s)
None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: willofr <willofr@users.noreply.github.com>
2140: Fix 2138: Pin DANE with the full cert r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Pin the intermediates rather than the root for DANE. If you have setup TLSA records following previous suggestion from Mailu please update them.
This hasn't been tested.
The four options here are:
- stop suggesting DANE records
- send the root CA (4096 bits extra per handshake!)
- pin the intermediates : the downside is that these are only valid for 3y, see https://letsencrypt.org/certificates/ and we should pin 4: R3,R4,E1,E2
- setup a 'full' DANE record in DNS (this is what this PR does)
The high priority is warranted by the fact that some SMTP servers may not trust root CAs and may enforce DANE strictly (it may break things).
### Related issue(s)
- close#2138
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2132: Fixes#2131 - Carddav synchronization issue r=mergify[bot] a=bkraul
## What type of PR?
bug-fix
## What does this PR do?
Adds php support for `simplexml` extension which is apparently needed by rainloop to handle carddav synchronizations.
### Related issue(s)
- closes#2131
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: bkraul <bkraul@belmankraul.com>
2130: Fix 2125: Make the caller responsible to know whether the rate-limit code should be called or not r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Make the caller responsible to know whether the rate-limit code should be called or not. If the webmail isn't configured its address can't be determined.
The rate limiting code should always be called except when we are verifying temporary tokens from the webmail.
### Related issue(s)
- close#2125
- close#2129
- close#2128
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2121: Update CHANGELOG.md with items that were not added by mistake. r=mergify[bot] a=Diman0
## What type of PR?
documentation
## What does this PR do?
Due to using the wrong suffix, a lot of newsfragments were not added to the CHANGELOG.md.
This PR amends this. This PR should be backported as well. Otherwise it is very difficult to see what newsfragments are relevant for a new x.y.z. release.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2119: Fix#2117. Gpg-agent package was missing for roundcube image. r=mergify[bot] a=Diman0
## What type of PR?
Bug fix
## What does this PR do?
In the past gpg-agent was installed as dependency of gpg for the roundcube image.
The packages gpg and gpgagent are used by the enigmail plugin in roundcube. This plugin is one of the default plugins for roundcube.
After updating to a newer php (debian) image in 1.9, gpg-agent is not installed anymore together with gpg. I suspect this was changed in a newer debian version.
The fix has already been confirmed by the issue reporter. See #2117.
### Related issue(s)
- closes#2117
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2099: update Dockerfile to alpine 3.14.3 r=mergify[bot] a=willofr
## What type of PR?
Security fix
## What does this PR do?
Updated the Dockerfile to use the latest alpine version 3.14.3 where several CVEs have been fixed: https://alpinelinux.org/posts/Alpine-3.14.3-released.html
New images successfully built on my test env.
### Related issue(s)
None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
2116: fix 2114: redirect old path r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Old paths may still be cached in browsers, it's easy enough to redirect them
### Related issue(s)
- close#2114
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2111: Preparations for 1.9 release r=mergify[bot] a=Diman0
## What type of PR?
Preparations for 1.9 release.
## What does this PR do?
All changes required for the 1.9 release. This PR does not trigger the 1.9 release yet. For that we only have to create a 1.9 branch after this PR has been merged.
Please double check all the documentation. Feel free to directly commit to this branch any spelling errors you see.
After this is merged, I only have to create the 1.9 branch and update the infra project to release 1.9.
### Related issue(s)
- closes#1930
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2097: The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used r=mergify[bot] a=Diman0
## What type of PR?
Bug fix
## What does this PR do?
The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used and are not required.
This PR removes these not used environment variables from the documentation.
The documentation and setup utility are enhanced with instructions how to specify a different port for the database url.
### Related issue(s)
- See #2073
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>