3198: Update actions in CI github workflow files r=mergify[bot] a=Diman0
## What type of PR?
update
## What does this PR do?
Update all the actions in the *.yml workflow files to the current version. This is required to get rid of all the warnings in github actions for using node16.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ n/a] In case of feature or enhancement: documentation updated accordingly
- [ n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3165: Documentation: config-export had wrong example. r=mergify[bot] a=migs35323
fixing the example command flag.
running the example command to export the configuration throws: Error: [KeyError] 'mail-config'
this is valid for any version of mailu (at the time)
## What type of PR?
documentation
## What does this PR do?
Co-authored-by: migs35323 <92784574+migs35323@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3197: Address CVE-2024-23829 (CVE for aiohttp) r=mergify[bot] a=Diman0
## What type of PR?
security update
## What does this PR do?
Updates library to patch CVE-2024-23829.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3194: Fix 3113 r=mergify[bot] a=Diman0
## What type of PR?
bug-fix
## What does this PR do?
Fixes swaggerui documentation of all RESTful api end points. The API documentation should now be valid for each endpoint.
### Related issue(s)
- close#3113
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3191: Ensure we also pin ISRG X2 in TLSA r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Ensure we also pin ISRG X2 in TLSA; some users may have opted-in, the CA may change where they issue from, ... this is future-proofing.
### Related issue(s)
- #3187
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3184: Remove redundant variable assignment r=mergify[bot] a=strugee
## What type of PR?
Bugfix
## What does this PR do?
See diff; this variable is set again two lines down
### Related issue(s)
None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: AJ Jordan <alex@strugee.net>
3189: Bump tika version to 2.9.1 r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Bump tika version to 2.9.1
Bump alpine to 3.9.1
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3188: Ensure we always send an ISRG root for DANE r=nextgens a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure we always send an ISRG root for DANE. Rebuild the x509 cert chain ourselves to ensure it's valid.
It's fairly obvious that we can't trust letsencrypt to keep things sane (they are now planning to sign from random intermediaries) nor certbot to be consistent.
### Related issue(s)
- close#3187
- #2138
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3181: Ensure that nginx and dovecot are reloaded r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure that nginx and dovecot are reloaded.
For some reason here the PID files have disappeared and the reload doesn't work.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3138: Update dependencies and re-enable flask toolbar r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Update python dependencies to versions without known security vulnerabilities.
Also re-enable flask debug toolbar which was disabled earlier.
werkzeug < 2.3.8: CVE-2023-46136
aiohttp < 3.9.0: CVE-2023-49081 CVE-2023-49082
cryptography >= 3.1 < 41.0.6: CVE-2023-49083
jinja2 < 3.1.3: CVE-2024-22195
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3178: Fix ooo/sieve when proxy protocol is in use r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix ooo/sieve when proxy protocol is in use; If it is enabled we shouldn't talk to front but to the proxy.
I am not proposing to backport this; it will be a 2.1 thing.
### Related issue(s)
- close#3172
- close#3159
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3175: update Simplified Chinese translation r=mergify[bot] a=darkclip
## What type of PR?
bugfix for localization
## What does this PR do?
update Simplified Chinese (zh) translation
### Related issue(s)
None
## Prerequisites
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: darkclip <darkclip@users.noreply.github.com>
3150: Add trailing semicolon for DMARC authorisation record r=mergify[bot] a=su-ex
## What type of PR?
bug-fix
## What does this PR do?
Add trailing semicolon for DMARC authorisation records, which seems to be necessary: https://stackoverflow.com/a/72463456
I ran into this when testing my domain with internet.nl.
Co-authored-by: su-ex <codeworks@supercable.onl>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3137: Update run_dev.sh r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Make `run_dev.sh` more resilient by using sed instead of awk.
Clarify on how to update the python dependencies.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3136: Roundcube 1.6.6 r=mergify[bot] a=ctrl-i
## What type of PR?
Roundcube has been updated to version 1.6.6 which contains various small fixes and improvements.
See [release notes](https://github.com/roundcube/roundcubemail/releases/tag/1.6.6)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: ctrl-i <1422608+ctrl-i@users.noreply.github.com>