β οΈ Vulnerability fixedβ οΈ
This update addresses a critical vulnerability that allowed Remote Code Execution (RCE) by authenticated admin users.
All users are strongly advised to update. A CVE will follow the next Days.
What's Changed
- compose: add selinux label to mysql-socket-vol (permission) by @DerLinkman in #6560
- [Postfix] update postscreen_access.cidr by @milkmaker in #6573
- [Postfix] update postscreen_access.cidr by @milkmaker in #6611
- [ACME] Remove deprecated ACME_CONTACT variable by @FreddleSpl0it in #6617
- [Dovecot] Use Jinja2 sandbox for rendering quota and quarantine notif⦠by @FreddleSpl0it in #6631
- Translations update from Weblate by @milkmaker in #6548
- Translations update from Weblate by @milkmaker in #6552
- Translations update from Weblate by @milkmaker in #6582
- Translations update from Weblate by @milkmaker in #6589
- Translations update from Weblate by @milkmaker in #6599
- Translations update from Weblate by @milkmaker in #6600
- Translations update from Weblate by @milkmaker in #6601
- Translations update from Weblate by @milkmaker in #6609
- Translations update from Weblate by @milkmaker in #6614
- Translations update from Weblate by @milkmaker in #6622
- Translations update from Weblate by @milkmaker in #6629
Full Changelog: 2025-05...2025-07