3268: Update Roundcube 1.6.7 due to XSS vulnerabilities (backport #3267) r=mergify[bot] a=mergify[bot]
## What type of PR?
Bug fix
## What does this PR do?
Updates roundcube to 1.6.7
### Related issue(s)
Due to XSS vulnerabilities see [here](https://github.com/roundcube/roundcubemail/releases/tag/1.6.7)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
<hr>This is an automatic backport of pull request #3267 done by [Mergify](https://mergify.com).
Co-authored-by: ctrl-i <1422608+ctrl-i@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3257: Fix CVE-2024-1135 (backport #3251) r=nextgens a=mergify[bot]
## What type of PR?
bug-fix
## What does this PR do?
Fix CVE-2024-1135
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
<hr>This is an automatic backport of pull request #3251 done by [Mergify](https://mergify.com).
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3240: Fix purge_user.sh (backport #3239) r=mergify[bot] a=mergify[bot]
## What type of PR?
bug-fix
## What does this PR do?
Fix purge_user.sh; thanks to [nike7o0](https://github.com/nike7o0)
### Related issue(s)
- close#3238
- #2858
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
<hr>This is an automatic backport of pull request #3239 done by [Mergify](https://mergify.com).
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3205: Fix bug 3068. Spam messages were always marked as read. (backport #3204) r=mergify[bot] a=mergify[bot]
## What type of PR?
bug-fix
## What does this PR do?
When `Enable marking spam mails as read` was disabled, spam messages were still marked as read. This PR resolves this defect.
### Related issue(s)
- Auto close an issue like: closes#3068
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
<hr>This is an automatic backport of pull request #3204 done by [Mergify](https://mergify.com).
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3190: Ensure we always send an ISRG root for DANE (backport #3188) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3188 done by [Mergify](https://mergify.com).
Cherry-pick of 494147eedf has failed:
```
On branch mergify/bp/2.0/pr-3188
Your branch is ahead of 'origin/2.0' by 2 commits.
(use "git push" to publish your local commits)
You are currently cherry-picking commit 494147ee.
(fix conflicts and run "git cherry-pick --continue")
(use "git cherry-pick --skip" to skip this patch)
(use "git cherry-pick --abort" to cancel the cherry-pick operation)
Changes to be committed:
modified: core/nginx/letsencrypt.py
Unmerged paths:
(use "git add <file>..." to mark resolution)
both modified: core/base/requirements-prod.txt
both modified: core/nginx/config.py
```
To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3158: Add trailing semicolon for DMARC authorisation record (backport #3150) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3150 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: su-ex <codeworks@supercable.onl>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3133: Fix 3129, thanks to Games-Crack (backport #3132) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3132 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3110: Long term fix against SMTP smuggling (backport #3109) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3109 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3103: Prevent SMTP smuggling (backport #3102) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3102 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
3104: Do not block webmail when we have a valid SSO session (backport #3100) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3100 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3063: Fix SETUP generating invalid files. (backport #3025) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3025 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Remove deprecated database_flavor JavaScript functionality
Remove statistics question which has never been implemented
(cherry picked from commit eb65e5eea0)
show the no-javascript div element. Via JavaScript hide the no-java div element
and show the container div element.
(cherry picked from commit 02d5202c68)
The setup site malfunctions if this is not the case.
Regular expression for checking the Mailu storage path was invalid.
(cherry picked from commit 67d11c47c8)
3056: Ensure that we do reject emails if clamav/oletools are not ready; Update the CI to double-check the reason for rejection (backport #3055 and #3057) r=mergify[bot] a=mergify[bot]
Backport of #3049 and #3057
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3054: Ensure that we do not silently discard PUAs flagged by clamav (backport #3049) r=mergify[bot] a=mergify[bot]
This is an automatic backport of pull request #3049 done by [Mergify](https://mergify.com).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.com/).
You can also trigger Mergify actions by commenting on this pull request:
- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.com
</details>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
