From fca33a7e72e7c20ce0860ba18cd7795dc513e5ce Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 4 Apr 2024 09:37:45 +0200 Subject: [PATCH] Release 2024-04 --- .../posts/2024/release-2024-04/index.de.md | 56 +++++++++++++++++++ .../posts/2024/release-2024-04/index.en.md | 56 +++++++++++++++++++ 2 files changed, 112 insertions(+) create mode 100644 content/posts/2024/release-2024-04/index.de.md create mode 100644 content/posts/2024/release-2024-04/index.en.md diff --git a/content/posts/2024/release-2024-04/index.de.md b/content/posts/2024/release-2024-04/index.de.md new file mode 100644 index 00000000..335b8f5c --- /dev/null +++ b/content/posts/2024/release-2024-04/index.de.md 
@@ -0,0 +1,56 @@ +--- +title: "🥚🐄 Moopril Update 2024 | Sicherheitsupdate" +date: 2024-04-04T09:30:00+02:00 +draft: false + +author: Patrick Schult/FreddleSpl0it +authorLink: "https://github.com/FreddleSpl0it" +toc: true + +license: "" + +tags: ["2024", "update", "important", "security"] +categories: ["Updates"] + +--- + +## 2024-04 (Release vom 04.04.2024) + +**Moohoo** Alle zusammen! + +Mit dem Moopril Update werden zwei Sicherheitslücken in der mailcow geschlossen. +1. CVE-2024-31204: XSS Vulnerability via Exception Handler +2. CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability + +Außerdem wurde SOGo auf die Version 5.10.0 aktualisiert und ein Fehler in der domainweiten Fußzeile wurde behoben. + +### Changelog + +* chore(deps): update thollander/actions-comment-pull-request action to v2.5.0 by @renovate in https://github.com/mailcow/mailcow-dockerized/pull/5747 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5762 +* sogo: upgrade to 5.10.0 by @DerLinkman in https://github.com/mailcow/mailcow-dockerized/pull/5765 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5777 +* [Web]Small change about zh-cn translation by @aaadddfgh in https://github.com/mailcow/mailcow-dockerized/pull/5789 +* [Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5770 +* Remove one GmbH in Dockerfiles by @MAGICCC in https://github.com/mailcow/mailcow-dockerized/pull/5743 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5810 +* Update French translation by @yvan-algoo in https://github.com/mailcow/mailcow-dockerized/pull/5805 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5813 +* [Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5811 +* 
Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5815 +* [Rspamd] Set local_addrs lo mailcow networks by @dragoangel in https://github.com/mailcow/mailcow-dockerized/pull/5812 +* [Rspamd] milter update Content-Type and Content-Transfer-Encoding header by @FreddleSpl0it in https://github.com/mailcow/mailcow-dockerized/pull/5751 +* [Web] fix exception handler and rspamd_maps function by @FreddleSpl0it in https://github.com/mailcow/mailcow-dockerized/pull/5818 + +Der vollständige Changelog, einschließlich der einzelnen Commits, ist für Interessierte jederzeit auf GitHub verfügbar: +https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-04 + +--- + +Ein großes Dankeschön an [Paul Gerste](https://github.com/paul-gerste-sonarsource) von [Sonar](https://www.sonarsource.com/) für das Melden der Sicherheitslücken. +Vergesst nicht, euren E-Mail-Server immer auf dem neuesten Stand zu halten! + +Bleibt gesund und frohes Mailing. + +Euer mailcow-Team +> Patrick diff --git a/content/posts/2024/release-2024-04/index.en.md b/content/posts/2024/release-2024-04/index.en.md new file mode 100644 index 00000000..3498527b --- /dev/null +++ b/content/posts/2024/release-2024-04/index.en.md 
@@ -0,0 +1,56 @@ +--- +title: "🥚🐄 Moopril Update 2024 | Security Update" +date: 2024-04-04T09:30:00+02:00 +draft: false + +author: Patrick Schult/FreddleSpl0it +authorLink: "https://github.com/FreddleSpl0it" +toc: true + +license: "" + +tags: ["2024", "update", "important", "security"] +categories: ["Updates"] + +--- + +## 2024-04 (Release April 4th, 2024) + +**Moohoo** Everyone! + +With the Moopril update, two security vulnerabilities in mailcow will be closed. +1. CVE-2024-31204: XSS Vulnerability via Exception Handler +2. CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability + +Additionally, SOGo has been updated to version 5.10.0, and a bug in the domain-wide footer has been fixed. + +### Changelog + +* chore(deps): update thollander/actions-comment-pull-request action to v2.5.0 by @renovate in https://github.com/mailcow/mailcow-dockerized/pull/5747 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5762 +* sogo: upgrade to 5.10.0 by @DerLinkman in https://github.com/mailcow/mailcow-dockerized/pull/5765 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5777 +* [Web]Small change about zh-cn translation by @aaadddfgh in https://github.com/mailcow/mailcow-dockerized/pull/5789 +* [Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5770 +* Remove one GmbH in Dockerfiles by @MAGICCC in https://github.com/mailcow/mailcow-dockerized/pull/5743 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5810 +* Update French translation by @yvan-algoo in https://github.com/mailcow/mailcow-dockerized/pull/5805 +* Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5813 +* [Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5811 +* Translations 
update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5815 +* [Rspamd] Set local_addrs lo mailcow networks by @dragoangel in https://github.com/mailcow/mailcow-dockerized/pull/5812 +* [Rspamd] milter update Content-Type and Content-Transfer-Encoding header by @FreddleSpl0it in https://github.com/mailcow/mailcow-dockerized/pull/5751 +* [Web] fix exception handler and rspamd_maps function by @FreddleSpl0it in https://github.com/mailcow/mailcow-dockerized/pull/5818 + +The complete changelog, including individual commits, is available on GitHub for those interested: +https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-04 + +--- + +Thanks to [Paul Gerste](https://github.com/paul-gerste-sonarsource) from [Sonar](https://www.sonarsource.com/) for reporting the security vulnerabilities. +Please always ensure your email server is up to date with patches! + +Stay healthy and happy mailing. + +Your mailcow team +> Patrick
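Review bot: in index.de.md, the two CVE list items (`1. CVE-2024-31204: XSS Vulnerability via Exception Handler` and `2. CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability`) are plain text with no link to an advisory, no affected-version range and no severity, so an operator cannot tell from the post whether their installation is exposed or how urgently to update. Suggest linking each CVE ID to its published advisory and stating explicitly that 2024-04 is the release that contains the fixes. The changelog below the list also does not mark which entries are security-relevant: the only entry that mentions the exception handler is pull/5818, and no entry is named for the path traversal issue, so consider flagging the fixing changes in the list.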
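Review bot: in index.en.md, the intro sentence `two security vulnerabilities in mailcow will be closed` uses the future tense even though this post announces the release that ships the fixes, and the following sentence already switches to `has been updated`. Suggest wording such as "the Moopril update fixes two security vulnerabilities in mailcow" so readers do not take it as a pending fix. The closing line `Please always ensure your email server is up to date with patches!` is the only call to action in a security release post; a sentence pointing to the update procedure would make it actionable.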