All Versions
62
Latest Version
Avg Release Cycle
66 days
Latest Release
1012 days ago

Changelog History
Page 1

  • v0.54 Changes

    June 20, 2021

    Mail:

    • Forwarded mail using mail filter rules (in Roundcube; "sieve" rules) stopped re-writing the envelope address at some point, causing forwarded mail to often be marked as spam by the final recipient. These forwards will now re-write the envelope as the Mail-in-a-Box user receiving the mail to comply with SPF/DMARC rules.
    • ๐Ÿ”ง Sending mail is now possible on port 465 with the "SSL" or "TLS" option in mail clients, and this is now the recommended setting. Port 587 with STARTTLS remains available but should be avoided when configuring new mail clients.
    • โšก๏ธ Roundcube's login cookie is updated to use a new encryption algorithm (AES-256-CBC instead of DES-EDE-CBC).

    DNS:

    • โšก๏ธ The ECDSAP256SHA256 DNSSEC algorithm is now available. If a DS record is set for any of your domain names that have DNS hosted on your box, you will be prompted by status checks to update the DS record at your convenience.
    • Null MX records are added for domains that do not serve mail.

    Contacts/calendar:

    • โšก๏ธ Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar to 2.2.0 (#1960).

    Control panel:

    • ๐Ÿ›  Fixed a crash in the status checks.
    • Small wording improvements.

    Setup:

    • Minor improvements to the setup scripts.
  • v0.53 Changes

    April 12, 2021

    โšก๏ธ Software updates:

    • ๐Ÿ”’ Upgraded Roundcube to version 1.4.11 addressing a security issue, and its desktop notifications plugin.
    • โฌ†๏ธ Upgraded Z-Push (for Exchange/ActiveSync) to version 2.6.2.

    Control panel:

    • ๐Ÿ‘ Backblaze B2 is now a supported backup protocol.
    • ๐Ÿ›  Fixed an issue in the daily mail reports.
    • Sort the Custom DNS by zone and qname, and add an option to go back to the old sort order (creation order).

    Mail:

    • Enable sending DMARC failure reports to senders that request them.

    Setup:

    • ๐Ÿ›  Fixed error when upgrading from Nextcloud 13.
  • v0.53.a Changes

    May 08, 2021

    The download URL for Z-Push has been revised becaue the old URL stopped working.

  • v0.52 Changes

    January 31, 2021

    โšก๏ธ Software updates:

    • โฌ†๏ธ Upgraded Roundcube to version 1.4.10.
    • โฌ†๏ธ Upgraded Z-Push to 2.6.1.

    Mail:

    • Incoming emails with SPF/DKIM/DMARC failures now get a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing.
    • ๐Ÿ›  Fixed the MTA-STS policy file's line endings.

    Control panel:

    • A new Download button in the control panel's External DNS page can be used to download the required DNS records in zonefile format.
    • ๐Ÿ›  Fixed the problem when the control panel would report DNS entries as Not Set by increasing a bind query limit.
    • ๐Ÿ›  Fixed a control panel startup bug on some systems.
    • ๐Ÿ‘Œ Improved an error message on a DNS lookup timeout.
    • ๐Ÿ›  A typo was fixed.

    DNS:

    • The TTL for NS records has been increased to 1 day to comply with some registrar requirements.

    System:

    • ๐Ÿ‘ Nextcloud's photos, dashboard, and activity apps are disabled since we only support contacts and calendar.
  • v0.51 Changes

    November 14, 2020

    โšก๏ธ Software updates:

    • โฌ†๏ธ Upgraded Nextcloud from 17.0.6 to 20.0.1 (with Contacts from 3.3.0 to 3.4.1 and Calendar from 2.0.3 to 2.1.2)
    • โฌ†๏ธ Upgraded Roundcube to version 1.4.9.

    Mail:

    • The MTA-STA max_age value was increased to the normal one week.

    Control Panel:

    • Two-factor authentication can now be enabled for logins to the control panel. However, keep in mind that many online services (including domain name registrars, cloud server providers, and TLS certificate providers) may allow an attacker to take over your account or issue a fraudulent TLS certificate with only access to your email address, and this new two-factor authentication does not protect access to your inbox. It therefore remains very important that user accounts with administrative email addresses have strong passwords.
    • TLS certificate expiry dates are now shown in ISO8601 format for clarity.
  • v0.50 Changes

    September 25, 2020

    Setup:

    • โฌ†๏ธ When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.

    Mail:

    • An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
    • The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.

    DNS:

    • autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
    • IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.

    TLS:

    • TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.

    Control Panel:

    • ๐Ÿ“„ The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
    • ๐Ÿ‘‰ User passwords can now have spaces.
    • ๐Ÿšš Status checks for automatic subdomains have been moved into the section for the parent domain.
    • ๐Ÿ›  Typo fixed.

    ๐ŸŒ Web:

    • 0๏ธโƒฃ The default web page served on fresh installations now adds the noindex meta tag.
    • The HSTS header is revised to also be sent on non-success responses.
  • v0.48 Changes

    August 26, 2020

    ๐Ÿ”’ Security fixes:

    • โšก๏ธ Roundcube is updated to version 1.4.8 fixing additional cross-site scripting (XSS) vulnerabilities.
  • v0.47 Changes

    July 29, 2020

    ๐Ÿ”’ Security fixes:

  • v0.46 Changes

    June 11, 2020

    ๐Ÿ”’ Security fixes:

  • v0.45 Changes

    May 16, 2020

    ๐Ÿ”’ Security fixes:

    • ๐Ÿ›  Fix missing brute force login protection for Roundcube logins.

    โšก๏ธ Software updates:

    • โฌ†๏ธ Upgraded Roundcube from 1.4.2 to 1.4.4.
    • โฌ†๏ธ Upgraded Nextcloud from 17.0.2 to 17.0.6 (with Contacts from 3.1.6 to 3.3.0 and Calendar from 1.7.1 to v2.0.3)
    • โฌ†๏ธ Upgraded Z-Push to 2.5.2.

    System:

    • โฌ†๏ธ Nightly backups now occur on a random minute in the 3am hour (in the system time zone). The minute is chosen during Mail-in-a-Box installation/upgrade and remains the same until the next upgrade.
    • ๐Ÿ›  Fix for mail log statistics report on leap days.
    • ๐Ÿ›  Fix Mozilla autoconfig useGlobalPreferredServer setting.

    ๐ŸŒ Web:

    • โž• Add a new hidden feature to set nginx alias in www/custom.yaml.

    Setup:

    • ๐Ÿ‘Œ Improved error handling.