⚠️This update includes a security fix, so we highly recommend that all users upgrade to this latest version to ensure the security of their systems. ⚠️
Users who are unable to update and share their system with potential attackers on the same network, such as with some hosting providers, should apply the following iptables/nftables rule:
iptables:
iptables -I DOCKER-USER ! -i br-mailcow -o br-mailcow -p tcp -m multiport --dport 3306,6379,8983,12345 -j DROP
nftables:
nft insert rule ip "filter" "DOCKER-USER" iifname != "br-mailcow" oifname "br-mailcow" tcp dport {3306, 6379, 8983, 12345} counter packets 0 bytes 0 drop
Read the Security advisory here: GHSA-gmpj-5xcm-xxx6
What's Changed
- chore(deps): update peter-evans/create-pull-request action to v6 by @renovate in #5683
- sogo: fix ACL allow authenticated users + rebuild on Bookworm by @DerLinkman in #5688
- [Postfix] update postscreen_access.cidr by @milkmaker in #5686
- [Netfilter] add mailcow isolation rule to MAILCOW chain by @FreddleSpl0it in #5696
Full Changelog: 2024-01b...2024-01c
Blog: https://mailcow.email/posts/2024/release-2024-01/