Summary
atmail mail server 1.2.0 introduces global address books, and resolves various bugs and security issues.
Important highlights from this release
- Security improvements
- Global address list
Changelog
MAILSERVER
| Summary | Description |
|---|---|
| Cross-Site Request Forgeries |
eu.atmailcloud.com 443/tcp There are various forms of CSRF. Depending on the form, exploitation may occur as a result of an attacker enticing an application consumer into clicking a malicious URL or web site. In some cases, the payload may be loaded from persistent storage on the vulnerable site itself, executing when it is accessed by a user. |
New Feature
| Summary | Description |
|---|---|
| Globally toggle global address book modes |
Further setting added in services/webmail settings -> enable global addressbook (per domain). |
Improvement
| Summary | Description |
|---|---|
| Update provision/deprovision function |
Updated provision/deprovision functions. Provision and deprovision functions on jmapproxy have been updated, the same functions in the mailserver have also updated. |
Bug
| Summary | Description |
|---|---|
| Disabled GAL shows error on publish |
When GAL is disabled, running publish produces an error to the user. This is now handled as a viable option. failed: [localhost] (item= {u'Val': u'true', u'Prop': u'ENABLE_STORAGE'}) => {"changed": false, "failed": true, "item": {"Prop": "ENABLE_STORAGE", "Val": "true"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} ) => {"changed": false, "failed": true, "item": {"Prop": "STORAGE_DIR", "Val": "'/var/atmail/storage/'"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} ) => {"changed": false, "failed": true, "item": {"Prop": "STORAGE_TEMP_DIR", "Val": "'/var/atmail/temp_storage/'"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} ) => {"changed": false, "failed": true, "item": {"Prop": "ENABLE_GLOBAL_DIRECTORY", "Val": "false"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} ) => {"changed": false, "failed": true, "item": {"Prop": "ENABLE_GLOBAL_DIRECTORY_MODE", "Val": "'disabled'"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} ) => {"changed": false, "failed": true, "item": {"Prop": "ENABLE_GLOBAL_DIRECTORY_CARD_MODE", "Val": "'system'"}, "msg": "Destination /etc/atmail/dav/config.php does not exist !", "rc": 257} |
| API /users/update MYSQL SYNTAX ERROR |
Syntax error within API call for updating users resolved.
$ curl -k -i --data "userId=2&domainIds=2" |
| Update mailserverAuditing to just log fail not php error stack trace |
Audit code updated to be person task/details/success/fail rather than including php stack traces. |
| Error state from alias delete is ingored |
When deleting an alias, if an error occurred the UI would ignore it and do nothing. User is now presented an error to inform them of the failure. |
| Incorrect permission referenced for alias delete |
In api.php aliasesDelete() function, permissions have been resolved. |
Comments