🦾6️⃣4️⃣ 🐄 Janmooary 2024 Update Revision C | Netfilter Security Update

@DerLinkman DerLinkman released this 02 Feb 14:54
· 60 commits to master since this release
1e09df2

⚠️This update includes a security fix, so we highly recommend that all users upgrade to this latest version to ensure the security of their systems. ⚠️

Users who are unable to update and whose system shares a network with potential attackers, as can be the case with some hosting providers, should apply the following iptables/nftables rule:

iptables:
iptables -I DOCKER-USER ! -i br-mailcow -o br-mailcow -p tcp -m multiport --dport 3306,6379,8983,12345 -j DROP

nftables:
nft insert rule ip "filter" "DOCKER-USER" iifname != "br-mailcow" oifname "br-mailcow" tcp dport {3306, 6379, 8983, 12345} counter packets 0 bytes 0 drop
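
To confirm the iptables form of the workaround is in place, the following check (an added example, not part of the mailcow release notes or project code) reads `iptables -S DOCKER-USER` output and reports which of the four ports are still not covered by a matching DROP rule. The names `uncovered_ports` and `MAILCOW_PORTS` and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Ports named in the release note's workaround rule.
MAILCOW_PORTS="3306 6379 8983 12345"

# Read `iptables -S DOCKER-USER` output on stdin and print the ports from
# MAILCOW_PORTS that no workaround-shaped DROP rule covers (empty = all covered).
# Rule order is not evaluated: an earlier ACCEPT/RETURN can still pre-empt the DROP.
uncovered_ports() {
  awk -v want="$MAILCOW_PORTS" '
    # Count only rules shaped like the workaround: not from br-mailcow,
    # towards br-mailcow, TCP, DROP target.
    /^-A DOCKER-USER / && /! -i br-mailcow / && /-o br-mailcow / &&
    !/! -o br-mailcow / && /-p tcp / && /-j DROP$/ {
      for (i = 1; i < NF; i++)
        if ($i == "--dport" || $i == "--dports") {
          n = split($(i + 1), list, ",")
          for (j = 1; j <= n; j++) {
            # A multiport entry may be a range written lo:hi.
            lo = hi = list[j]
            if (split(list[j], r, ":") == 2) { lo = r[1]; hi = r[2] }
            for (p = lo + 0; p <= hi + 0; p++) covered[p] = 1
          }
        }
    }
    END {
      n = split(want, w, " "); out = ""
      for (k = 1; k <= n; k++)
        if (!(w[k] in covered)) out = out (out == "" ? "" : " ") w[k]
      print out
    }'
}

# Constructed sample listings (not captured from a real host).
PATCHED='-N DOCKER-USER
-A DOCKER-USER ! -i br-mailcow -o br-mailcow -p tcp -m multiport --dports 3306,6379,8983,12345 -j DROP
-A DOCKER-USER -j RETURN'
PARTIAL='-N DOCKER-USER
-A DOCKER-USER ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 3306 -j DROP
-A DOCKER-USER -j RETURN'

# Demo on the constructed listing; on a live host pipe in: iptables -S DOCKER-USER
printf '%s\n' "$PARTIAL" | uncovered_ports
```

Any port printed is still reachable through the `DOCKER-USER` chain from interfaces other than `br-mailcow` as far as this rule shape is concerned.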

Read the security advisory here: GHSA-gmpj-5xcm-xxx6

What's Changed

  • chore(deps): update peter-evans/create-pull-request action to v6 by @renovate in #5683
  • sogo: fix ACL allow authenticated users + rebuild on Bookworm by @DerLinkman in #5688
  • [Postfix] update postscreen_access.cidr by @milkmaker in #5686
  • [Netfilter] add mailcow isolation rule to MAILCOW chain by @FreddleSpl0it in #5696

Full Changelog: 2024-01b...2024-01c
Blog: https://mailcow.email/posts/2024/release-2024-01/