Hi all. Version v0.43 is published. This version contains two security fixes.
- A security issue was discovered in rsync backups. If you have enabled rsync backups, the file
id_rsa_miabmay have been copied to your backup destination. This file can be used to access your backup destination. If the file was copied to your backup destination, we recommend that you delete the file on your backup destination, delete
/root/.ssh/id_rsa_miabon your Mail-in-a-Box, then re-run Mail-in-a-Box setup, and re-configure your SSH public key at your backup destination according to the instructions in the Mail-in-a-Box control panel.
- Brute force attack prevention was missing for the
The update also fixes several other problems, including a Nextcloud update problem.
Instructions for updating your box are at https://mailinabox.email/. The full set of changes is below.