Releases: opensolutions/ViMbAdmin
PHP >= 8.0 support, bug fixes
🚨 PHP 8.0 is now the minimum support version of PHP. Please use v3.3.x if you need support for an earlier version of PHP.
This release includes schema enhancements by indexing some columns - please fun the following after updating:
# sanity check the output of:
./bin/doctrine2-cli.php orm:schema-tool:update --dump-sql
# and then run:
./bin/doctrine2-cli.php orm:schema-tool:update --force
❤️ Thanks to everyone who reported bugs and submitted PRs.
Changes and Fixes
PHP 8 Support, Bug fixes and Library updates
Third party libraries have now been updated for support through to PHP 8.1.
Also:
- Fixed #272 Lost Password Captcha not shown
- Updated JS libraries to address #232 Broken jquery libs (Security)
- Added HTML entity filter to fix #253 Cross Site Scripting at /auth/lost-password
- Fixed Doctrine deprecation issue #278 Fix depreciated Doctrine\Common\Util\Inflector trait
Version tagging fix
Better composer handling
In this release, we merge in two small libraries and update the documentation for better composer handling.
You will need to edit application/config/application.ini
as follows (line numbers correspond to this version of the application.ini.dist
file.
- Change line 595:
- pluginPaths.OSS_Resource = APPLICATION_PATH "/../vendor/opensolutions/oss-framework/src/OSS/Resource"
+ pluginPaths.OSS_Resource = APPLICATION_PATH "/../library/OSS/Resource"
- Change line 673:
- resources.smarty.plugins[] = APPLICATION_PATH "/../vendor/opensolutions/oss-framework/src/OSS/Smarty/functions"
+ resources.smarty.plugins[] = APPLICATION_PATH "/../library/OSS/Smarty/functions"
From here on in, upgrades (and installs) that use the composer method should do it via:
composer install --no-dev --prefer-dist
Various pent up bugs and small improves and features
- Fixes to automatic aliases (d94b00e - Barry O'Donovan - 2020-05-16)
- Mailbox auto aliases (#179) (e021eef - Matthias Fechner - 2020-05-16)
- Change redirection for changed password (#235) (4602ab0 - Pierre Ozoux - 2020-05-16)
- [BF] some fields in Directory Entry plugin will not disappear - I think this should work - fixes #246 (90ac57c - Barry O'Donovan - 2020-05-16)
- [NF] Hide Domain column from mailbox listing via @maysara - closes #248 (b121616 - Barry O'Donovan - 2020-05-16)
- Default Quota not populated when mailbox is created via @maysara - fixes #249 (a1eb0e1 - Barry O'Donovan - 2020-05-16)
- Update proxies (7c8d2e0 - Barry O'Donovan - 2020-05-16)
- Update js bundle (6be6b7f - Barry O'Donovan - 2020-05-16)
- [NF] Add archive logging - closes #251 (4e23643 - Barry O'Donovan - 2020-05-16)
- [BF] Wrong mailbox count after restoring archive via @rfhsorna - fixes #231 (c9fb4b7 - Barry O'Donovan - 2020-05-16)
- [BF] defaults.table.entries was ignored - fixes #216 (d6f1473 - Barry O'Donovan - 2020-05-16)
- [BF] Better error handling for dup alias - fixes #260 (fedf85b - Barry O'Donovan - 2020-05-16)
PHP 7.x Support (inc. PHP 7.4)
We are delighted to announce the immediate release and availability of ViMbAdmin v3.1.0.
This release supports all versions of PHP up to and including 7.4 (latest at time of writing).
This is a long awaited and requested update and we apologise for the delay.
I'd like to give a special shoutout to @Shardj who's shardj/zf1-future fork of the long EOL'd Zend Framework v1 made this possible.
Upgrade Instructions
Generally, follow the official instructions.
There are no schema or other changes so it should be pretty easy.
If you're using Git, this worked without issue for me:
cd /path/to/vimbadmin
git fetch --all
git checkout 3.1.0
composer install --prefer-dist --no-dev
Security Update - weak salts for auth methods md5/sha1.salted
In opensolutions/OSS-Framework#43 it was pointed out that a typo in the authentication code meant that the md5.salted and sha1.salted password schemes didn't actually use the requested salt string but a fixed salt of "md5.salted" and "sha1.salted" respectively.
This has been corrected in this commit: https://git.io/vV5iE
A note to this effect has been added to ViMbAdmin is this commit: https://git.io/vV5ii
As a result of this, "md5.salted" and "sha1.salted" have been replaced with hyphenated versions: "md5-salted" and "sha1-salted" which will use the actual salt as requested.
For all existing ViMbAdmin installations, "md5.salted" and "sha1.salted" will continue to work but with the static salts of "md5.salted" and "sha1.salted" respectively.
One should always pick a hashing function as strong as your mail system allows. At time of writing, Dovecot ( http://wiki2.dovecot.org/Authentication/PasswordSchemes ) recommends one of BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT in descending order of strength
As such, the default version ViMbAdmin ships with in application.ini.dist is now:
defaults.mailbox.password_scheme = "dovecot:BLF-CRYPT"
While no code changes have occurred in ViMbAdmin, we've pushed a new release to mark this issue:
https://github.com/opensolutions/ViMbAdmin/releases/tag/3.0.15
NB: no code changes have actually occurred in ViMbAdmin but rather a library used by ViMbAdmin. To get the new version of the library, just run:
composer update
Bug Fix Release
V Merge pull request #127 from Spiral23/dev (87bf5d8 - Barry O'Donovan - 2016-04-04)
- Really really close #176 ;-) (ddf8963 - Barry O'Donovan - 2016-04-03)
- Close #174 (06929c5 - Barry O'Donovan - 2016-04-02)
- Really close #83 (19a5911 - Barry O'Donovan - 2016-04-02)
- Really fix composer smarty reference (05e23fd - Barry O'Donovan - 2016-04-02)
- Tidy up PR #134 (165fae8 - Barry O'Donovan - 2016-04-02)
- Make sure the toggle function for the alias return the correct value to return error message to user why a alias could not be deactivated. (b65ac65 - Matthias Fechner - 2014-09-29)
- A not existing hook function in a plugin will always cause a true return value to not break interrupt flow. (d4f2fd6 - Matthias Fechner - 2014-09-29)
- If an alias is deleted, continue only, if all called hooks from all plugins give green light to continue with the deletion. (13120a8 - Matthias Fechner - 2014-09-27)
- Added the possibility that a plugin function can stop the workflow if it return a false. (3a0e58e - Matthias Fechner - 2014-09-27)
Bug Fix Release (plus small features)
- Merge pull request #110 from ghost/patch-1 (3a626a3 - Barry O'Donovan - 2016-04-02)
- Merge pull request #145 from reissmann/feature/103_autocomplete (4a951a2 - Barry O'Donovan - 2016-04-02)
- Merge pull request #152 from kaechele/patch-1 (5380e97 - Barry O'Donovan - 2016-04-02)
- [BF] fix min password length - fixes #158 (98084e8 - Barry O'Donovan - 2016-04-02)
- [BF|IM] Allow new style domain names - fixes #165 (60a4026 - Barry O'Donovan - 2016-04-02)
- Merge pull request #172 from troggy/fix-email-validation (de87d78 - Barry O'Donovan - 2016-04-02)
- Allow TLDs longer then 4 chars (f048df9 - Kosta Korenkov - 2016-03-23)
- Use Smarty from Packagist - fixes #168 #closes #169 (b78a4ce - Barry O'Donovan - 2016-03-16)
- More securely parse the version - fixes #161 (27775f0 - Barry O'Donovan - 2016-01-07)
- [NF] new mail/homedir substitution option (b644475 - Barry O'Donovan - 2015-08-28)
- Fix mail config typo in sample config (235b206 - Felix Kaechele - 2015-08-28)
- Update README.md (dccd8b8 - Barry O'Donovan - 2015-07-20)
- disable autocompletion on password formfields. fixes #103 and fixes #144. (3f70145 - Sven Reissmann - 2015-07-08)
- Update vimbadmin (e2fce46 - Barry O'Donovan - 2015-06-02)
Bug Fix Release (plus small features)
- [BF] Fix #139 (4e07b1f - Barry O'Donovan - 2015-05-31)
- Create CONTRIBUTING.md (c24c04a - Barry O'Donovan - 2015-03-28)
- Merge pull request #130 from Tribal-Dolphin/master (549882e - Barry O'Donovan - 2015-03-14)
- Domain Form accepts plugins (86db6b4 - Tribal-Dolphin - 2015-03-14)
- Merge pull request #129 from Tribal-Dolphin/master (002be21 - Barry O'Donovan - 2015-03-14)
- Domain Hook (591cd3b - Tribal-Dolphin - 2015-03-14)
- Domain Hooks (88783c2 - Tribal-Dolphin - 2015-03-14)
## Domain Hooks
The following domain hooks have been added for plugins with thanks to @Tribal-Dolphin:
- domain_add_formPostProcess
- domain_add_addPrepare
- domain_add_addPrevalidate
- domain_add_addPostvalidate
- domain_add_addFinish
- domain_purge_preRemove
- domain_purge_purgeFinish