From 365ecf593585e02ffde027f1d459b0e0605e8bfb Mon Sep 17 00:00:00 2001 From: wernerfred <20406381+wernerfred@users.noreply.github.com> Date: Tue, 23 Feb 2021 21:29:09 +0100 Subject: [PATCH] chore: prepare v9.0.0 --- CHANGELOG.md | 25 +++++++++++++++++++++++++ README.md | 4 ++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9c21715..2e2ee342 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,30 @@ # Changelog +## `v9.0.0` + +- **[feat]** Support extra `user_attributes` in accounts configuration ([#1792](https://github.com/docker-mailserver/docker-mailserver/pull/1792)) +- **[feat]** Add possibility to use a custom dkim selector ([#1811](https://github.com/docker-mailserver/docker-mailserver/pull/1811)) +- **[feat]** TLS: Dual (aka hybrid) certificate support! (eg ECDSA certificate with an RSA fallback for broader compatibility) ([#1801](https://github.com/docker-mailserver/docker-mailserver/pull/1801)). + - This feature is presently only for `SSL_TYPE=manual`, all you need to do is provide your fallback certificate to the `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` ENV vars, just like your primary certificate would be setup for manual mode. +- **[security]** TLS: You can now use ECDSA certificates! ([#1802](https://github.com/docker-mailserver/docker-mailserver/pull/1802)) + - Warning: ECDSA may not be supported by legacy systems (most pre-2014). You can provide an RSA certificate as a fallback. +- **[fix]** TLS: For some docker-compose setups when restarting the docker-mailserver container, internal config state may have been persisted despite making changes that should reconfigure TLS (eg changing `SSL_TYPE` or replacing the certificate file) ([#1801](https://github.com/docker-mailserver/docker-mailserver/pull/1801)). +- **[refactor]** Split `start-mailserver.sh` ([#1820](https://github.com/docker-mailserver/docker-mailserver/pull/1820)) +- **[fix]** Linting now uses local path to remove the sudo dependency ([#1831](https://github.com/docker-mailserver/docker-mailserver/pull/1831)). + + +### Breaking Changes: + +- **[security]** TLS: `TLS_LEVEL=modern` has changed the server-side preference order to 128-bit before 256-bit encryption ([#1802](https://github.com/docker-mailserver/docker-mailserver/pull/1802)). + - NOTE: This is still very secure but may result in misleading lower scores/grades from security audit websites. +- **[security]** TLS: `TLS_LEVEL=modern` removed support for AES-CBC cipher suites and follows best practices by supporting only AEAD cipher suites ([#1802](https://github.com/docker-mailserver/docker-mailserver/pull/1802)). + - NOTE: As TLS 1.2 is the minimum required for modern already, AEAD cipher suites should already be supported and preferred. +- **[security]** TLS: `TLS_LEVEL=intermediate` has removed support for cipher suites using RSA for key exchange (only available with an RSA certificate) ([#1802](https://github.com/docker-mailserver/docker-mailserver/pull/1802)). + - NOTE: This only affects Dovecot which supported 5 extra cipher suites using AES-CBC and AES-GCM. Your users MUA clients should be unaffected, preferring ECDHE or DHE for key exchange. +- **[refactor]** Complete refactoring of opendkim script ([#1812](https://github.com/docker-mailserver/docker-mailserver/pull/1812)). + - NOTE: Use `./setup.sh config dkim help` to see the new syntax. + + ## `v8.0.1` This release is a hotfix for #1781. diff --git a/README.md b/README.md index 0f3211da..9bc24f46 100644 --- a/README.md +++ b/README.md @@ -87,8 +87,8 @@ and the `setup.sh` **in the correct version** ``` BASH # if you're using :edge as the image tag wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh -# if you're using :latest (= :8.0.1) as the image tag -wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v8.0.1/setup.sh +# if you're using :latest (= :9.0.0) as the image tag +wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v9.0.0/setup.sh chmod a+x ./setup.sh