Froxlor bugfix release 2.3.2

What's Changed

• Permissions on the parent directory of the configdir are too strict by @RipClaw2971 in #1367
• Installer throws a 500 error in version 2.3.1 but works with version 2.3.0 by @RipClaw2971 in #1368

Full Changelog: 2.3.1...2.3.2

Froxlor maintenance release 2.3.1

What's Changed

• Fix empty PATH_INFO fastcgi_param in nginx by @bashgeek in #1357
• Fix implicitly marked variables as null by @bashgeek in #1359
• Enhance session path validation in PhpSessionclean by @ZARk-be in #1360
• fix froxlor (an probably many others) on http3: populate [HTTP_HOST] by @realrellek in #1361
• Fix pop3_logout_format for Dovecot 2.4 by @bashgeek in #1363
• Remove curl_close() calls, has been not doing anything since 8.0 and is now officiall deprecated by @bashgeek in #1364
• Remove http3_hq from vhost by @realrellek in #1366
• Add 'always' to add_header for HSTS and h3 by @realrellek in #1365

New Contributors

• @ZARk-be made their first contribution in #1360

Full Changelog: 2.3.0...2.3.1

froxlor 2.3 – SSH-key management, API upgrades, HTTP/3 & Debian 13 support

What's Changed

• Bump form-data from 4.0.2 to 4.0.4 by @dependabot[bot] in #1341
• Bump vite from 6.3.5 to 6.3.6 by @dependabot[bot] in #1347
• Add nginx HTTP/3 support by @lukasbableck in #1285
• Changing sendmail default to postmaster@DOMAIN (#1349) by @realrellek in #1350
• Bump vite from 6.3.6 to 6.4.1 by @dependabot[bot] in #1353

New Contributors

• @realrellek made their first contribution in #1350

Full Changelog: 2.2.8...2.3.0

froxlor 2.3 RC – SSH-key management, API upgrades, HTTP/3 & Debian 13 support

What's Changed

• Bump form-data from 4.0.2 to 4.0.4 by @dependabot[bot] in #1341
• Bump vite from 6.3.5 to 6.3.6 by @dependabot[bot] in #1347
• Add nginx HTTP/3 support by @lukasbableck in #1285
• Changing sendmail default to postmaster@DOMAIN (#1349) by @realrellek in #1350
• Bump vite from 6.3.6 to 6.4.1 by @dependabot[bot] in #1353

New Contributors

• @realrellek made their first contribution in #1350

Full Changelog: 2.2.8...2.3.0-rc1

Official Announcement

See Forum

Froxlor maintenance release 2.2.8

What's Changed

• Bump league/commonmark from 2.6.2 to 2.7.0 by @dependabot in #1329
• Update for Hungarian language by @kissgyula in #1330
• Relax dkim_entry visibilty for admins in domain editor like it is for customers by @dtugend in #1336

New Contributors

• @dtugend made their first contribution in #1336

Full Changelog: 2.2.7...2.2.8

Froxlor bugfix release 2.2.7

What's Changed

• Explicitely mark nullable type parameters as such by @bashgeek in #1313
• Bump vite from 6.2.0 to 6.2.4 by @dependabot in #1320
• Bump axios from 1.8.1 to 1.8.2 by @dependabot in #1321
• Bump vite from 6.2.4 to 6.2.5 by @dependabot in #1322
• Bump vite from 6.2.5 to 6.2.6 by @dependabot in #1323
• Bump vite from 6.2.6 to 6.3.4 by @dependabot in #1327

Full Changelog: 2.2.6...2.2.7

Froxlor bugfix release 2.2.6

New:

• [settings] add new settings to set default values for customer antispam options for new email addresses (settings advanced-mode)
• [cron] add new task to (re)configure mail/ftp services with let's encrypt; refs #1297
• [system] allow admins without change-serversettings to adjust dkim flag of domains
• [ui] hide webserver-ssl-options for new domains if no default ssl-ip-addresses are selected in the settings
• [languages] added Hungarian translation (#1310)

Security:

• force admin email addresses to be unique and not be used for customers, fixes GHSA-7j6w-p859-464f
• do not output potentially unsafe content, fixes GHSA-26xq-m8xw-6373

Fixes:

• show necessary dns entries for mail/antispan also in admin-view of domain
• fix empty firstname/name but set company when editing a customer via API
• allow cidr (forward slash) in spf settings-regex; fixes #1295
• correctly create ssl-redirect if let's encrypt is already activated; fixes #1294
• set sender-address of emails which were sent using an admin/a reseller to the global settings email so sending it using provided smtp - settings will not fail antispam checks; fixes #1289
• fix permissions of global mysql-user for customers; fixes #1286
• can-edit-domain is not required to create subdomains of that domain if subdomains are allowed
• set cookie SameSite option to 'Lax' for loginlinks to work as intended; fixes #1299
• corrected regex for dns CAA entries; fixes #1300
• add safety when unsetting isemaildomain flag in domain, fixes #1305
• fix deletion of webserver-logfiles when customer gets deleted, thx to irisdina
• fix plaintext-mail content, thx to AlexL
• fix 'show necessary dns entries for mail/antispan also in admin-view of domain' if bind is enabled but domain is not using nameserver

Full Changelog: 2.2.5...2.2.6

2.2.5

• fixed editing email-address catchall-flag not working - #1288
• fixed wrong settings-index-name for apache-2.4 flag - #1290

Full Changelog: 2.2.4...2.2.5

2.2.4

New:

• [config-services] add validation for empty or non-existing configuration template xml files
• [antispam] add rewrite-subject flag to email-edit form; hide spam-related settings if 'bypass_spam' is activated; add possibility to disable rejection of spam-mails, refs #1282
• [updater] add possibility to ask for potential update question in CLI updater and also pass them as options to override them

Fixes:

• fix timestamp matching regex, add lmtp to receving service regex and skip lines not including the main target service name in maillog parser
• fix successful login when using email 2fa
• fix language replacement and fix 'sending messages' after successfully sending prior, thx to Davidd
• [php-fpm] remove 'date.timezone' from php_admin_values (superfluous as it is in php_values)
• [antispam] set rewrite_subject to a slighty higher score then used for add_header, fixes #1275
• exchange toggler-links with checkboxes in email edit form to be able to adjust all parameters at once, fixes #1277
• store IDN email-usernames in ACE, as dovecot/postfix need them this way
• do not issue let's encrypt for email_only domains (in case they were web-enabled prior, we do not unset former settings to ease reverting back when disabling email_only)
• fix incorrect width of APCu Hit/Miss bar (#1283)
• check whether mysql-user exists prior to DROP USER for mysql < 5.7
• fix wrong fieldname in email-domain-overview

Full Changelog: 2.2.1...2.2.4

2.2.1

Changes

• add condition to the remember-me checkbox for updaters when the
  token-table does not exist yet
• dont generate dhparam file as fallback but use defined FFDHE4096
  group; fixes #1270
• Fix missing proftpd-mod-wrap installation (#1272)
• show antispam options for email-editing only if enabled
• fix storing multiple-choice-select values, thx to 21MILEX on
  Discord, fixes #1269
• Add |raw to h5 in formfields template (#1268)