🕶️🐄 Moogust Update 2024 | Revision A (Dovecot CVE Fixes)

What's Changed

• fix: 🚑 Fixed version parsing of docker by @jkrgr0 in #6016
• Refactor/Change Dockerfiles cmd from shell to exec form by @h3ssan in #6019
• dovecot: added timeout option when sa-rules cannot be downloaded by @DerLinkman in #6025
• containers: use mariadb-admin instead of deprecated mysqladmin by @DerLinkman in #6026
• Fix: bash variables are not quoted by @h3ssan in #6022
• Replace weird character to the correct ' by @h3ssan in #6029
• Pushover/Quarantine utf 8 fix - fixes #6028 by @bluewalk in #6031
• 2024-08a by @DerLinkman in #6033
• Fix: Escape a ' character in update.sh by @h3ssan in #6034

New Contributors

• @jkrgr0 made their first contribution in #6016

Full Changelog: 2024-08...2024-08a
Blog: https://mailcow.email/posts/2024/release-2024-08/

🕶️🐄 Moogust Update 2024 | Forgot Password?, SOGo 5.11, Rspamd 3.9.1 and More

What's Changed

• Translations update from Weblate by @milkmaker in #5980
• Allow prompt-less install on low-resource systems by @Ayowel in #5804
• dovecot: fix precompiling of sieve scripts by @DerLinkman in #5983
• Greek names of dovecot folders by @rallisf1 in #5972
• ui: added enotify and mime as valid options for ui by @DerLinkman in #5985
• Bug Fix: Check mailcow.conf exists before work with it by @h3ssan in #5987
• Fix typo in update.sh: word Proceeding by @h3ssan in #5989
• Fix LABEL in Dockerfile, should be key=value by @h3ssan in #5990
• fix: change internal urls for containers using curl on alpine by @Doozy134 in #5967
• rspamd: upgrade to rspamd 3.9.1 by @DerLinkman in #5661
• Refactor: update.sh script with --help should exit with status code 0 by @h3ssan in #5991
• [Fix] Watchdog: escape subject and body for webhooks by @mrclschstr in #5773
• Translations update from Weblate by @milkmaker in #5995
• Filter to limit ofelia scope by @Kitof in #5776
• restore: remove tty requirement from restore process to allow for automated restores by @muhlba91 in #5934
• Translations update from Weblate by @milkmaker in #5999
• [Rspamd] Fix bayes config by @dragoangel in #6000
• sogo: update to 5.11.0 + Rebase on Bookworm by @DerLinkman in #6002
• unbound: fix healthcheck logging + added fail tolerance to checks by @DerLinkman in #6004
• flatcurve-fts: limit tokenizers size in e-mail adress by @DerLinkman in #6006
• [Web] Add a forgot password flow by @FreddleSpl0it in #6009
• .github: Add pull_request_template.md by @DerLinkman in #6011

Sponsoring

Thank you to the Youth Foundation of Baden-Württemberg (Germany) for sponsoring the "Forgot Password?" feature!

New Contributors

• @Ayowel made their first contribution in #5804
• @rallisf1 made their first contribution in #5972
• @h3ssan made their first contribution in #5987
• @SailReal made their first contribution in #5945
• @Doozy134 made their first contribution in #5967
• @mrclschstr made their first contribution in #5773
• @Kitof made their first contribution in #5776
• @muhlba91 made their first contribution in #5934

Full Changelog: 2024-07...2024-08
Blog Post for additional informations: https://mailcow.email/posts/2024/release-2024-08/

🔥🐄 Mooly Update 2024 | Security Update

⚠️ Vulnerabilities fixed⚠️

CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability
CVE-2024-41959 - XSS Vulnerability via API Logs
CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration

What's Changed

• Do not add MAILCOW_WHITE on failed DMARC by @dragoangel in #5971
• [Postfix] update postscreen_access.cidr by @milkmaker in #5974
• Security fixes by @FreddleSpl0it in #5976

Full Changelog: 2024-06c...2024-07

🌙🐄 Moone Update 2024 | Revision C

What's Changed

• Revert "Update debug.twig to include a link to the git project URL for the mailcow version tag" by @DerLinkman in #5955
• Revert "php: Rebase on Debian 12" by @DerLinkman in #5956

Full Changelog: 2024-06b...2024-06c

🌙🐄 Moone Update 2024 | Revision B

What's Changed

• Enhanced regular expression for THREADS parameter by @torzech in #5634
• php: Rebase on Debian 12 to fix DNS Resolution bug (for now) by @DerLinkman in #5951
• web: remove WIP notice for ARM64 from ui by @DerLinkman in fc7ea7a
• [Postfix] update postscreen_access.cidr by @milkmaker in #5930

New Contributors

• @torzech made their first contribution in #5634

Full Changelog: 2024-06a...2026-06b

🌙🐄 Moone Update 2024 | Revision A

What's Changed

• Revert "Translations update from Weblate" by @DerLinkman in #5925

This Release also fixes broken PHP Container, caused by broken dns resolution of curl modul. To apply simply rereun the update.sh script

Full Changelog: 2024-06...2024-06a

🌙🐄 Moone Update 2024 | Flatcurve Update Phase I

⚠️ Critical Changes ⚠️

• Postfix Upgrade: Updated to Postfix 3.7.10 and Debian 12, dropping support for TLS 1.0 and 1.1. Older TLS versions can be re-enabled as per the documentation.

• Flatcurve FTS Engine: New experimental full-text search engine using Xapian. Activate with FLATCURVE_EXPERIMENTAL=y in mailcow.conf. Read docs

• Nextcloud helper-script will be dropped in December 2024. More informations why, READ HERE

What else Changed?

• Translations update from Weblate by @milkmaker in #5824
• Translations update from Weblate by @milkmaker in #5835
• Update lang.pt-pt.json by @7zx in #5832
• Translations update from Weblate by @milkmaker in #5839
• Improve Dutch translation by @mitchellvanbijleveld in #5840
• Translations update from Weblate by @milkmaker in #5862
• Update lang.ru-ru.json by @RakhimovRamis in #5865
• Translations update from Weblate by @milkmaker in #5873
• Translations update from Weblate by @milkmaker in #5876
• chore(deps): update alpine docker tag to v3.20 by @renovate in #5883
• Update debug.twig to include a link to the git project URL for the mailcow version tag by @CallMeLeon167 in #5875
• [Postfix] update postscreen_access.cidr by @milkmaker in #5863
• Switch IP2Country lookup backend to shortened version by @Thomas2500 in #5886
• os: updated all Alpine containers to 3.20 by @DerLinkman in #5893
• Fix unbound healthcheck.sh to log all messages to logfile by @DocFraggle in #5750
• remove version from docker-compose.yml by @iamspido in #5845
• Remove discontinued SORBS DNSBL by @mkuron in #5901
• Add switch to skip fetching certificates auto{config,discover} subdomains by @schichtnudelauflauf in #5838
• Fix blocking last logins fetching by @PierrePlt in #5880
• chore(deps): update dependency nextcloud/server to v28.0.6 by @renovate in #5690
• nextcloud: add deprecation notice once script start by @DerLinkman in #5902
• Remove unnecessary log lines in Postfix's log by @SwissOS in #5817
• Translations update from Weblate by @milkmaker in #5908
• chore(deps): update docker/build-push-action action to v6 by @renovate in #5910
• [Rspamd] Delete overriding obsolete rspamd plugin by @realizelol in #5900
• Translations update from Weblate by @milkmaker in #5912
• [Postfix] Upgrade to Deb12 + PF to 3.7.10 & Drop TLS 1.0/1.1 per default by @DerLinkman in #5635
• dovecot: add Flatcurve FTS Engine as EXPERIMENTAL by @DerLinkman in #5920

New Contributors

• @7zx made their first contribution in #5832
• @mitchellvanbijleveld made their first contribution in #5840
• @RakhimovRamis made their first contribution in #5865
• @CallMeLeon167 made their first contribution in #5875
• @iamspido made their first contribution in #5845
• @schichtnudelauflauf made their first contribution in #5838
• @PierrePlt made their first contribution in #5880
• @SwissOS made their first contribution in #5817

Full Changelog: 2024-04...2024-06

🥚🐄 Moopril Update 2024 | Security Update

What's Changed

With the Moopril update, two security vulnerabilities in mailcow will be closed.

1. CVE-2024-31204: XSS Vulnerability via Exception Handler
2. CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability

Thanks to Paul Gerste from Sonar for reporting the security vulnerabilities!

• chore(deps): update thollander/actions-comment-pull-request action to v2.5.0 by @renovate in #5747
• Translations update from Weblate by @milkmaker in #5762
• sogo: upgrade to 5.10.0 by @DerLinkman in #5765
• Translations update from Weblate by @milkmaker in #5777
• [Web]Small change about zh-cn translation by @aaadddfgh in #5789
• [Postfix] update postscreen_access.cidr by @milkmaker in #5770
• Remove one GmbH in Dockerfiles by @MAGICCC in #5743
• Translations update from Weblate by @milkmaker in #5810
• Update French translation by @yvan-algoo in #5805
• Translations update from Weblate by @milkmaker in #5813
• [Postfix] update postscreen_access.cidr by @milkmaker in #5811
• Translations update from Weblate by @milkmaker in #5815
• [Rspamd] Set local_addrs lo mailcow networks by @dragoangel in #5812
• [Rspamd] milter update Content-Type and Content-Transfer-Encoding header by @FreddleSpl0it in #5751
• [Web] fix exception handler and rspamd_maps function by @FreddleSpl0it in #5818

New Contributors

• @aaadddfgh made their first contribution in #5789

Full Changelog: 2024-02...2024-04

🐥🐄 Febmooary 2024 Update | ClamAV Security Update

What's Changed

• [Web] fix blank /debug page with invalid timezone by @FreddleSpl0it in #5728
• [Web] fix setting unchecked checkboxes on domain adding by @FreddleSpl0it in #5730
• [Web] display human readable domainnames instead of punycode by @FreddleSpl0it in #5729
• [Rspamd] apply domain wide footer to alias domains by @FreddleSpl0it in #5727
• [Netfilter] respect ban time limits by @Habetdin in #5679
• Translations update from Weblate by @milkmaker in #5732
• Translations update from Weblate by @milkmaker in #5740

Full Changelog: 2024-01e...2024-02
Updated Blog Page here: https://mailcow.email/posts/2024/release-2024-02/

🦾6️⃣4️⃣ 🐄 Janmooary 2024 Update Revision E | Corrections for the ARM64 Update

What's Changed

• [Netfilter] fix mailcow isolation rule for iptables by @FreddleSpl0it & @tomudding in #5700
• [Netfilter] set IP check more relaxed on NFTables.py by @amorfo77 in #5711
• [SOGo] Fixed SOGo crash on older kernels < 5.10.0-X by @DerLinkman in 5a97027
• [Dovecot] Fixed Wrong Timezone Logging by @DerLinkman in d08ccbc
• [Unbound] Increased checks interval back to 30s by @DerLinkman in 63bb8e8
• [Unbound] Removed netcat checks from unbound healthchecks by @DerLinkman in 63426c3

We are aware of the “issue” with SOGo and the error message in the editor. We have already reached out, and once the fix is implemented, we will seamlessly patch the provided SOGo version with the 2024-01e release. This avoids the need for a new subrelease like the current one.

Full Changelog: 2024-01d...2024-01e
Updated Blog Page here: https://mailcow.email/posts/2024/release-2024-01/