3235: Tweaks to logging r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Make the default ``LOG_LEVEL=INFO`` ; ensure that admin does not log the access log unless it's set to ``DEBUG``
This ensures we see the authentication related messages.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3251: Fix CVE-2024-1135 r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix CVE-2024-1135
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3239: Fix purge_user.sh r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix purge_user.sh; thanks to [nike7o0](https://github.com/nike7o0)
### Related issue(s)
- close#3238
- #2858
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3203: Add automatic tests for RESTful API r=mergify[bot] a=Diman0
and fix all remaining issues that I could find with the API.
## What type of PR?
internal feature / bug-fix
## What does this PR do?
I first wanted to finish #3113 before continuing on the tests to keep the scope smaller of the PR.
This PR adds automatic tests that tests **all** the interfaces of the RESTful API. Practically it only tests the normal Ok (http 200) situations. Maybe in the future we could add more tests to check if the validation checks work correctly for each interface.
I also fixed any issues I could find with the RESTful API. I can at least confirm that all interfaces work now. I think the validation checks are also complete now.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3206: Fix typo in setup r=mergify[bot] a=strugee
## What type of PR?
Documentation
## What does this PR do?
Fix typo; see diff
### Related issue(s)
N/A
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: AJ Jordan <alex@strugee.net>
3204: Fix bug 3068. Spam messages were always marked as read. r=mergify[bot] a=Diman0
## What type of PR?
bug-fix
## What does this PR do?
When `Enable marking spam mails as read` was disabled, spam messages were still marked as read. This PR resolves this defect.
### Related issue(s)
- Auto close an issue like: closes#3068
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
* form
* Fixed: Internal error occurred if an empty forward_destination was entered and forward_enabled was false
* Fixed: form did not check if forward_destination is empty.
* Fixed: form marked forward_destination field as read-only upon reloading form upon validation error
* api - create user and update/patch user
* Create/Patch user did not check if forward_destination email address is valid
* Create/Patch user did not check if forward_destination is present and forward_enabled is true
3200: Fix highligting disabled users r=mergify[bot] a=nwinkelstraeter
This just changes the class on the rows of disabled users from `warning` to `bg-warning` . As warning is not available in AdminLTE 3 disabled users where not highlighted anymore-
## What type of PR?
bug-fix
## What does this PR do?
### Related issue(s)
#3166
Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
3198: Update actions in CI github workflow files r=mergify[bot] a=Diman0
## What type of PR?
update
## What does this PR do?
Update all the actions in the *.yml workflow files to the current version. This is required to get rid of all the warnings in github actions for using node16.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ n/a] In case of feature or enhancement: documentation updated accordingly
- [ n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3165: Documentation: config-export had wrong example. r=mergify[bot] a=migs35323
fixing the example command flag.
running the example command to export the configuration throws: Error: [KeyError] 'mail-config'
this is valid for any version of mailu (at the time)
## What type of PR?
documentation
## What does this PR do?
Co-authored-by: migs35323 <92784574+migs35323@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3197: Address CVE-2024-23829 (CVE for aiohttp) r=mergify[bot] a=Diman0
## What type of PR?
security update
## What does this PR do?
Updates library to patch CVE-2024-23829.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3194: Fix 3113 r=mergify[bot] a=Diman0
## What type of PR?
bug-fix
## What does this PR do?
Fixes swaggerui documentation of all RESTful api end points. The API documentation should now be valid for each endpoint.
### Related issue(s)
- close#3113
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3191: Ensure we also pin ISRG X2 in TLSA r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Ensure we also pin ISRG X2 in TLSA; some users may have opted-in, the CA may change where they issue from, ... this is future-proofing.
### Related issue(s)
- #3187
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3184: Remove redundant variable assignment r=mergify[bot] a=strugee
## What type of PR?
Bugfix
## What does this PR do?
See diff; this variable is set again two lines down
### Related issue(s)
None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: AJ Jordan <alex@strugee.net>
3189: Bump tika version to 2.9.1 r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Bump tika version to 2.9.1
Bump alpine to 3.9.1
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3188: Ensure we always send an ISRG root for DANE r=nextgens a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure we always send an ISRG root for DANE. Rebuild the x509 cert chain ourselves to ensure it's valid.
It's fairly obvious that we can't trust letsencrypt to keep things sane (they are now planning to sign from random intermediaries) nor certbot to be consistent.
### Related issue(s)
- close#3187
- #2138
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3181: Ensure that nginx and dovecot are reloaded r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure that nginx and dovecot are reloaded.
For some reason here the PID files have disappeared and the reload doesn't work.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3138: Update dependencies and re-enable flask toolbar r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Update python dependencies to versions without known security vulnerabilities.
Also re-enable flask debug toolbar which was disabled earlier.
werkzeug < 2.3.8: CVE-2023-46136
aiohttp < 3.9.0: CVE-2023-49081 CVE-2023-49082
cryptography >= 3.1 < 41.0.6: CVE-2023-49083
jinja2 < 3.1.3: CVE-2024-22195
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3178: Fix ooo/sieve when proxy protocol is in use r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix ooo/sieve when proxy protocol is in use; If it is enabled we shouldn't talk to front but to the proxy.
I am not proposing to backport this; it will be a 2.1 thing.
### Related issue(s)
- close#3172
- close#3159
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3175: update Simplified Chinese translation r=mergify[bot] a=darkclip
## What type of PR?
bugfix for localization
## What does this PR do?
update Simplified Chinese (zh) translation
### Related issue(s)
None
## Prerequisites
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: darkclip <darkclip@users.noreply.github.com>
