Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
In opensolutions/OSS-Framework#43 it was pointed out that a typo in the authentication code meant that the md5.salted and sha1.salted password schemes didn't actually use the requested salt string but a fixed salt of "md5.salted" and "sha1.salted" respectively.
This has been corrected in this commit: https://git.io/vV5iE
A note to this effect has been added to ViMbAdmin is this commit: https://git.io/vV5ii
As a result of this, "md5.salted" and "sha1.salted" have been replaced with hyphenated versions: "md5-salted" and "sha1-salted" which will use the actual salt as requested.
For all existing ViMbAdmin installations, "md5.salted" and "sha1.salted" will continue to work but with the static salts of "md5.salted" and "sha1.salted" respectively.
One should always pick a hashing function as strong as your mail system allows. At time of writing, Dovecot ( http://wiki2.dovecot.org/Authentication/PasswordSchemes ) recommends one of BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT in descending order of strength
As such, the default version ViMbAdmin ships with in application.ini.dist is now:
defaults.mailbox.password_scheme = "dovecot:BLF-CRYPT"
While no code changes have occurred in ViMbAdmin, we've pushed a new release to mark this issue:
NB: no code changes have actually occurred in ViMbAdmin but rather a library used by ViMbAdmin. To get the new version of the library, just run:
- Really really close #176 ;-) (ddf8963 - Barry O'Donovan - 2016-04-03)
- Close #174 (06929c5 - Barry O'Donovan - 2016-04-02)
- Really close #83 (19a5911 - Barry O'Donovan - 2016-04-02)
- Really fix composer smarty reference (05e23fd - Barry O'Donovan - 2016-04-02)
- Tidy up PR #134 (165fae8 - Barry O'Donovan - 2016-04-02)
- Make sure the toggle function for the alias return the correct value to return error message to user why a alias could not be deactivated. (b65ac65 - Matthias Fechner - 2014-09-29)
- A not existing hook function in a plugin will always cause a true return value to not break interrupt flow. (d4f2fd6 - Matthias Fechner - 2014-09-29)
- If an alias is deleted, continue only, if all called hooks from all plugins give green light to continue with the deletion. (13120a8 - Matthias Fechner - 2014-09-27)
- Added the possibility that a plugin function can stop the workflow if it return a false. (3a0e58e - Matthias Fechner - 2014-09-27)
- Merge pull request #110 from ghost/patch-1 (3a626a3 - Barry O'Donovan - 2016-04-02)
- Merge pull request #145 from reissmann/feature/103_autocomplete (4a951a2 - Barry O'Donovan - 2016-04-02)
- Merge pull request #152 from kaechele/patch-1 (5380e97 - Barry O'Donovan - 2016-04-02)
- [BF] fix min password length - fixes #158 (98084e8 - Barry O'Donovan - 2016-04-02)
- [BF|IM] Allow new style domain names - fixes #165 (60a4026 - Barry O'Donovan - 2016-04-02)
- Merge pull request #172 from troggy/fix-email-validation (de87d78 - Barry O'Donovan - 2016-04-02)
- Allow TLDs longer then 4 chars (f048df9 - Kosta Korenkov - 2016-03-23)
- Use Smarty from Packagist - fixes #168 #closes #169 (b78a4ce - Barry O'Donovan - 2016-03-16)
- More securely parse the version - fixes #161 (27775f0 - Barry O'Donovan - 2016-01-07)
- [NF] new mail/homedir substitution option (b644475 - Barry O'Donovan - 2015-08-28)
- Fix mail config typo in sample config (235b206 - Felix Kaechele - 2015-08-28)
- Update README.md (dccd8b8 - Barry O'Donovan - 2015-07-20)
- disable autocompletion on password formfields. fixes #103 and fixes #144. (3f70145 - Sven Reissmann - 2015-07-08)
- Update vimbadmin (e2fce46 - Barry O'Donovan - 2015-06-02)
- [BF] Fix #139 (4e07b1f - Barry O'Donovan - 2015-05-31)
- Create CONTRIBUTING.md (c24c04a - Barry O'Donovan - 2015-03-28)
- Merge pull request #130 from Tribal-Dolphin/master (549882e - Barry O'Donovan - 2015-03-14)
- Domain Form accepts plugins (86db6b4 - Tribal-Dolphin - 2015-03-14)
- Merge pull request #129 from Tribal-Dolphin/master (002be21 - Barry O'Donovan - 2015-03-14)
- Domain Hook (591cd3b - Tribal-Dolphin - 2015-03-14)
- Domain Hooks (88783c2 - Tribal-Dolphin - 2015-03-14)
## Domain Hooks
The following domain hooks have been added for plugins with thanks to @Tribal-Dolphin:
Pop-ups stopped working in the latest release of Google Chrome. This is fixed by updating the throbber.js library.
Smarty is now pushed to v3.1.18.
Another minor version bump to fix issues caused by Smarty's releases. We now hardcode the required version of Smarty to 3.1.17. This is a temporary solution which we can hopefully remove with Smarty 3.1.19.
A small number of bug fixes. The main one is a break in composer/Smarty which the folks at Smarty say will be fixed in their next release.
- [BF] Fix Smarty date_format issue (11a6466 - Barry O'Donovan - 2014-05-08)
- [BF] Fix issue with Smarty at the moment (2) (a80abc5 - Barry O'Donovan - 2014-05-05)
- [BF] Seems to be an issue with Smarty at the moment - this fixes it (d91b97f - Barry O'Donovan - 2014-05-03)
- [BF] Fix mailing lists (234539c - Barry O'Donovan - 2014-04-07)
Reminder: Upgrade instructions at https://github.com/opensolutions/ViMbAdmin/wiki/Updating