PostfixAdmin 3.0.2 released (security release!)

2017-02-08
  • Christian Boltz

    Christian Boltz - 2017-02-08

    I just released PostfixAdmin 3.0.2.

    The most important reason for the release was a SECURITY FIX: don't allow deleting protected aliases (CVE-2017-5930, PR#23). Thanks to Janfred @github for the report and the pull request!

    Besides that, the following non-security bugs were fixed:
    - fix VacationHandler for PostgreSQL
    - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes
    - allow switching between dovecot: password schemes while still accepting passwords hashed using the previous dovecot: scheme
    - FetchmailHandler: use a valid date as default for 'date'
    - fix date formatting in non-English languages when using PostgreSQL
    - Debian packaging: improve dependencies, remove old templates_c/ files
    - various small fixes

    Updates from 3.0 should be boring, you don't even need to run setup.php.

    If you update from an older version, please run setup.php to update your database. Actually PostfixAdmin will even tell you if you forgot that ;-)

     
  • Denis

    Denis - 2017-02-09

    sorry for my comment, but lost some time... don't forget:
    chmod 764 /postfixadmin/ADDITIONS/cleanupdirs.pl
    chmod 774 /postfixadmin/scripts/postfixadmin-cli
    chmod 774 /postfixadmin/templates_c

     
    • GingerDog

      GingerDog - 2017-02-09

      On 09/02/17 12:18, Denis wrote:

      sorry for my comment, but lost some time... don't forget:

      If you install the Debian package:

      chmod 764 /postfixadmin/ADDITIONS/cleanupdirs.pl

      is:

      /usr/share/doc/postfixadmin/examples/cleanupdirs.pl.gz

      chmod 774 /postfixadmin/scripts/postfixadmin-cli

      doesn't exist.... probably an oversight on my behalf.

      chmod 774 /postfixadmin/templates_c

      no longer present.

      Smarty doesn't compile templates. Unless you're a very busy PFA site,
      then this won't matter.

      David.

       
  • Christian Boltz

    Christian Boltz - 2017-02-10

    764 and 774 are very unusual permissions, 755 is probably a better choice.

     
