3.0.209 Feb 2017 13:25
SECURITY: don't allow to delete protected aliases (CVE-2017-5930, PR#23).
- VacationHandler for PostgreSQL.
- AliasHandler: restrict mailbox subquery to allowed and specified domains
to improve performance on setups with lots of mailboxes.
Allow switching between dovecot: password schemes while still accepting.
Passwords hashed using the previous dovecot: scheme
FetchmailHandler: use a valid date as default for 'date'.
Date formatting in non-english languages when using PostgreSQL.
Debian packaging: improve dependencies, remove old templates_c/ files.
3.0.120 Sep 2016 09:45
Add missing Smarty files to Debian package.
(no changes to PostAdmin, therefore only released as Debian packages).
3.012 Sep 2016 01:05
Add sqlite backend option.
Add configurable smtp helo (CONF "smtp_client" ).
New translation: ro (Romanian).
Language update: tw, cs, de.
Escaping in gen_show_status() (could be used to DOS list-virtual by.
Creating a mail address with special chars)
Add CSRF protection for POST requests.
List.tpl: base edit/editactive/delete links in list.tpl on RAW_item to.
Avoid double escaping, and some corner cases
Editform.tpl: add if block for description column for easier customization.
Use smarty html_options instead of select_options().
Remove advice about using SetEnv for database password.
Include_once(config.local.php) instead of include()ing it to prevent include.
Loops if someone copies config.inc.php to config.local.php
Vacation.pl: encode wide-chars utf8 in mail body, mime-decode original subject.
Db_quota_text() for postgresql (concat() vs. ).
Change default date for 'created' and 'updated' columns from 0000-00-00.
(which causes problems with MySQL strict mode) to 2000-01-01.
Allow punicode even in TLDs.
Update Smarty to 3.1.29.
Add checks to login.php and cli to ensure database layout is up to date.
Whitelist '-1' as valid value for postadmin-cli.
Don't stripslashes() the password in pacrypt.
2.9307 Sep 2015 17:45
Summary of major changes:
Add list.php and list.tpl for displaying lists.
Based on *Handler struct, which means list view can now be customized with.
CONF *_struct_hook functions (columns with display_in_list and non-empty.
Label will be displayed)
Add CSV export.
Replaces list-domain.php, list-admin.php and fetchmail.php (including their.
*.tpl files) and the alias and alias domain lists in list-virtual.
Improved / more detailed search support by using URL parameters.
(list.php?search field =value, optionally also ?searchmode field = -
no pretty search form yet, limited to fields the user/admin can access).
Only display search input box if search fields are specified in *handler.
(that effectively means no search box for admin, domain and fetchmail listings).
Can also be used for users (non-admins).
Add FetchmailHandler (replaces fetchmail.php and its template), which also.
Means postadmin-cli can configure fetchmail jobs now
Add CONF 'fetchmail_struct_hook' .
Remove unused CONF 'users_domain_controle' .
New field types:
Enma - associative array (value = displayed value), must be specified in.
The "options" column
Html - raw HTML, used for mailbox status markers which include HTML tags.
B64p - passwords stored as base64, used by FetchmailHandler.
Vtxt, vnum - "virtual", read-only text/integer.
Quot - formatted quota ("5/10", read-only).
Automatically skip quot, vtxt and vnum fields in store().
Add handling of users (non-admins), including permission checks.
Add and use this- label_field and this- label for nicer messages.
Add this- order_by to allow ordering by any field(s).
Add getMsg() function.
Add msg 'can_create' .
Add is_superadmin to make admin vs. superadmin easier to handle.
Add can_edit and can_delete (only available in edit/delete mode, set by.
Init() based on the '_can_edit' and '_can_delete' from database query)
Add searchfields (list of fields to search by default, search _ ).
Add this- msg 'show
2.9230 Oct 2014 16:05
AliasHandler: don't clean goto field when making alias inactive.
list-virtual: display quota even if CONF used_quotas == NO.
vacation.pl: fix postgresql queries in vacation.pl.
Fix query in AliasHandler getList() which caused an empty list and breaks.
Deletion of aliases in MariaDB.
fetchmail.pl: fix ssl extra options (cert check, cert path, fingerprint).
Fix logging (run setup.php to fix old log entries).
fetchmail.php: change error_reporting() to exclude E_NOTICE.
Translation updates: FR, NL.
CONF default_aliases can now use the new domain as alias target.
Check that vacation start/end date are not in the past.
Update vacation INSTALL.TXT with more secure locations.
Update Smarty to 3.1.21