build-211207

NEW FEATURES:

Moved System –> Console Settings from the Pro version to the Community version. Streamlined system URLs (Secure Portal Address, User Portal Address) to use the system IP or Host Name set in System –> Console Settings.
Moved System –> System Certificates from the Pro version to the Community version. Import Certificate and Generate CSR is available on the Community version, Request Acme Certificate is available on the Pro version only.
Moved Gateway –> SMTP TLS Settings from the Pro version to the Community version.
Moved Content Checks –> Custom Antispam Filter Tests from the Pro version to the Community version.
Upgraded User Console interface at /users/ to version 2.0. Changed authentication code and made it more resilient to attacks. Increased hash iterations from 5000 to 10000 iterations leveraging the SHA-512 algorithm. As a result, this update resets all User Console passwords and forces users to enter new passwords the next time they log in to the User Console. Added haveibeenpwned.com password checking feature. Removed password complexity requirements and set password lengths to between 8 and 64 characters as per NIST 800-63 password guidelines. Improved Forgot Password functionality.
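The password-handling changes in this entry (iterated SHA-512 hashing, the 8 to 64 character NIST length rule, and the haveibeenpwned.com check) are illustrated below in an added Python example that is not code from this release or from the product's own CFML codebase. It assumes the iterated SHA-512 scheme is PBKDF2-HMAC-SHA512 with a random per-user salt (the release note does not name the construction), and the k-anonymity range-API response it parses is a constructed sample, not a real haveibeenpwned.com reply.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 10000        # iteration count named in the release note
MIN_LEN, MAX_LEN = 8, 64  # NIST SP 800-63B length bounds named in the release note


def validate_length(password: str) -> bool:
    """Length-only policy: no composition rules, just 8..64 characters."""
    return MIN_LEN <= len(password) <= MAX_LEN


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA512 (assumed construction) with a 16-byte random salt.
    The stored string carries the parameters so old records can be recognised."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash; constant-time compare."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha512":
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True for records hashed under a weaker (e.g. 5000-iteration) parameter.
    The release resets such passwords outright; this flags which records those are."""
    return int(stored.split("$")[1]) < iterations


def hibp_prefix_suffix(password: str) -> tuple:
    """k-anonymity split: only the first 5 hex chars of SHA-1 leave the server."""
    sha1 = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return sha1[:5], sha1[5:]


def breach_count_from_range(suffix: str, range_body: str) -> int:
    """Parse 'SUFFIX:COUNT' lines of a range response; 0 means not found."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0


# Constructed sample range body (not a real API reply). The second suffix is the
# SHA-1 tail of the literal password "password"; the counts are made up.
SAMPLE_RANGE_BODY = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1
"""


def password_acceptable(password: str, range_body: str = SAMPLE_RANGE_BODY) -> bool:
    """Combined policy: length in bounds and not present in the breach corpus."""
    if not validate_length(password):
        return False
    _, suffix = hibp_prefix_suffix(password)
    return breach_count_from_range(suffix, range_body) == 0


if __name__ == "__main__":
    record = hash_password("correct horse battery")
    print(record)
    print(verify_password("correct horse battery", record))
    print(password_acceptable("password"))
```

In a live deployment the range body comes from an HTTPS GET of the 5-character prefix against the haveibeenpwned.com range endpoint; the suffix match happens locally, so the full hash never leaves the gateway.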

THE FOLLOWING PAGES HAVE BEEN UPGRADED TO VERSION 2.0:

Admin Console –> Gateway –> SMTP TLS Settings RENAMED/MOVED TO Admin Console –> Gateway –> SMTP TLS Settings (Pro Only)
Admin Console –> Gateway –> SMTP TLS Policy RENAMED/MOVED TO Admin Console –> Gateway –> SMTP TLS Settings (Pro Only)
User Console –> Report Settings
User Console –> Sender Filters
User Console –> Change Password
User Console –> Message History

FIXES:

Added function to not allow the deletion of the system-self-signed Certificate in System –> System Certificates.
Removed duplicate (smtpd_tls_CAfile) in /etc/postfix/main.cf. Did not seem to cause issues but it’s cleaner now.
Added error handling in /inc/restart_authelia.com and /inc/restart_nginx.cfm.
Fixed /etc/logrotate.d/authelia permission issue.
Fixed various queries in view_message.cfm, view_message_history.cfm, view_smtp_tls_settings.cfm, view_system_certificates.cfm to make them less vulnerable to SQL injection attacks.
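As an added illustration of the kind of defect the previous entry fixes, the Python example below (not the product's CFML code, whose actual queries are not shown on this page) puts a string-concatenated message lookup beside a parameterised one over a constructed SQLite table. The table name and columns are assumptions chosen to resemble a per-user message history view; in CFML the parameterised form corresponds to binding values with cfqueryparam.

```python
import sqlite3

# Constructed sample data standing in for a per-user message history table.
SAMPLE_ROWS = [
    ("alice@example.com", "Invoice"),
    ("alice@example.com", "Meeting notes"),
    ("bob@example.com", "Payroll"),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE message_history (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)"
    )
    conn.executemany(
        "INSERT INTO message_history (owner, subject) VALUES (?, ?)", SAMPLE_ROWS
    )
    conn.commit()
    return conn


def view_message_unsafe(conn: sqlite3.Connection, owner: str, message_id: str) -> list:
    """The pre-fix pattern: request input interpolated straight into SQL.
    The id parameter is untyped, so anything the caller sends becomes SQL text."""
    sql = (
        "SELECT id, subject FROM message_history "
        f"WHERE owner = '{owner}' AND id = {message_id}"
    )
    return conn.execute(sql).fetchall()


def view_message_safe(conn: sqlite3.Connection, owner: str, message_id: str) -> list:
    """The fixed pattern: coerce the id to its expected type, then bind both
    values as parameters so the driver never treats them as SQL."""
    try:
        mid = int(message_id)
    except (TypeError, ValueError):
        return []  # not a valid id: refuse rather than guess
    return conn.execute(
        "SELECT id, subject FROM message_history WHERE owner = ? AND id = ?",
        (owner, mid),
    ).fetchall()


def total_rows(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM message_history").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print(view_message_safe(db, "alice@example.com", "1"))
    print(view_message_safe(db, "alice@example.com", "1 OR 1=1"))
    print(view_message_unsafe(db, "alice@example.com", "1 OR 1=1"))
```

The unsafe variant lets a crafted id widen the WHERE clause past the owner restriction, which is exactly the cross-user disclosure a per-user message view must prevent; the safe variant returns nothing for the same input because the id is rejected before any SQL is built.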
Fixed issue in /opt/hermes/conf_files/50-user.HERMES where amavis was ignoring per-user SVF policies because it was looking in the wrong SQL table and falling back to the Default policy.
Fixed issue when adding external recipients encryption defaulting to postmaster e-mail address due to external recipients encryption using the same session.email variable as in the Application.cfc.
Fixed issue with System –> Network Settings JavaScript not showing static settings when network mode was set to Static.
Fixed issue with Train Spam, Train Ham and Forget Messages routines in both the Admin and the Users Consoles not syncing the Bayes Database.
