2017-02-09 02:39:49 -06:00
<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Upgrade iRedMail from 0.9.6 to 0.9.7< / title >
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
< div id = "navigation" >
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "upgrade-iredmail-from-096-to-097" > Upgrade iRedMail from 0.9.6 to 0.9.7< / h1 >
< div class = "toc" >
< ul >
< li > < a href = "#upgrade-iredmail-from-096-to-097" > Upgrade iRedMail from 0.9.6 to 0.9.7< / a > < ul >
< li > < a href = "#changelog" > ChangeLog< / a > < / li >
< li > < a href = "#general-all-backends-should-apply-these-steps" > General (All backends should apply these steps)< / a > < ul >
< li > < a href = "#update-etciredmail-release-with-new-iredmail-version-number" > Update /etc/iredmail-release with new iRedMail version number< / a > < / li >
2017-03-16 10:16:45 -06:00
< li > < a href = "#upgrade-roundcube-webmail-to-the-latest-stable-release-124" > Upgrade Roundcube webmail to the latest stable release (1.2.4)< / a > < / li >
2017-03-07 12:14:02 -06:00
< li > < a href = "#fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos" > Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS< / a > < / li >
2017-02-09 02:39:49 -06:00
< li > < a href = "#fixed-improper-fail2ban-filter-which-causes-incorrect-ban" > Fixed: Improper Fail2ban filter which causes incorrect ban< / a > < / li >
< / ul >
< / li >
2017-03-16 10:16:45 -06:00
< li > < a href = "#openldap-backend-special" > OpenLDAP backend special< / a > < ul >
< li > < a href = "#fixed-avoid-possible-backdooring-mysqldump-backups" > Fixed: Avoid possible backdooring mysqldump backups< / a > < / li >
< / ul >
< / li >
< li > < a href = "#mysqlmariadb-backend-special" > MySQL/MariaDB backend special< / a > < ul >
< li > < a href = "#fixed-avoid-possible-backdooring-mysqldump-backups_1" > Fixed: Avoid possible backdooring mysqldump backups< / a > < / li >
< / ul >
< / li >
2017-02-09 02:39:49 -06:00
< / ul >
< / li >
< / ul >
< / div >
< div class = "admonition warning" >
< p class = "admonition-title" > Warning< / p >
< p > THIS IS A DRAFT, DO NOT APPLY ANY STEPS MENTIONED IN THIS TUTORIAL.< / p >
< / div >
< div class = "admonition note" >
< p class = "admonition-title" > Paid Remote Upgrade Support< / p >
< p > We offer remote upgrade support if you don't want to get your hands dirty,
check < a href = "../support.html" > the details< / a > and < a href = "../contact.html" > contact us< / a > .< / p >
< / div >
< h2 id = "changelog" > ChangeLog< / h2 >
< ul >
2017-03-16 10:16:45 -06:00
< li > Mar 16, 2017: Fixed: Avoid possible backdooring mysqldump backups< / li >
< li > Mar 8, 2017: [RHEL/CentOS][Nginx] Fix incorrect < code > session.save_path< / code > in php-fpm pool config file.< / li >
< li > Feb 9, 2017: Fixed improper Fail2ban filter for Dovecot.< / li >
2017-02-09 02:39:49 -06:00
< / ul >
< h2 id = "general-all-backends-should-apply-these-steps" > General (All backends should apply these steps)< / h2 >
< h3 id = "update-etciredmail-release-with-new-iredmail-version-number" > Update < code > /etc/iredmail-release< / code > with new iRedMail version number< / h3 >
< p > iRedMail stores the release version in < code > /etc/iredmail-release< / code > after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:< / p >
< pre > < code > 0.9.7
< / code > < / pre >
2017-03-16 10:16:45 -06:00
< h3 id = "upgrade-roundcube-webmail-to-the-latest-stable-release-124" > Upgrade Roundcube webmail to the latest stable release (1.2.4)< / h3 >
< blockquote >
< p > Roundcube 1.2.4 fixes a security issue, all users are encouraged to upgrade
it as soon as possible. For more details about this release, please check
Roundcube < a href = "https://github.com/roundcube/roundcubemail/releases/tag/1.2.4" > release note< / a > .< / p >
< / blockquote >
< p > Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release immediately:< / p >
< ul >
< li > < a href = "https://github.com/roundcube/roundcubemail/wiki/Upgrade" > How to upgrade Roundcube< / a > .< / li >
< / ul >
2017-03-07 12:14:02 -06:00
< h3 id = "fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos" > Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > This is applicable to RHEL/CentOS system, and Nginx web server.< / p >
< / div >
< p > iRedMail-0.9.6 doesn't set path for < code > session.save_path< / code > parameter in php-fpm
pool config file < code > /etc/php-fpm.d/www.conf< / code > , please fix it with steps below:< / p >
< ul >
< li > Open file < code > /etc/php-fpm.d/www.conf< / code > , find line:< / li >
< / ul >
< pre > < code > php_value[session.save_path] = " /var/lib/php/session"
< / code > < / pre >
< ul >
< li > The directory name should be < code > sessions< / code > (ends with < code > s< / code > ), not < code > session< / code > . So
please change it to:< / li >
< / ul >
< pre > < code > php_value[session.save_path] = " /var/lib/php/sessions"
< / code > < / pre >
< ul >
< li > Restarting php-fpm service is required:< / li >
< / ul >
< pre > < code > service php-fpm restart
< / code > < / pre >
2017-02-09 02:39:49 -06:00
< h3 id = "fixed-improper-fail2ban-filter-which-causes-incorrect-ban" > Fixed: Improper Fail2ban filter which causes incorrect ban< / h3 >
< p > Please open file < code > /etc/fail2ban/filter.d/dovecot.iredmail.conf< / code > , remove line
below:< / p >
< pre > < code > \(no auth attempts in .* rip=< HOST>
< / code > < / pre >
2017-03-16 10:16:45 -06:00
< p > Then restart or reload Fail2ban service.< / p >
< h2 id = "openldap-backend-special" > OpenLDAP backend special< / h2 >
< h3 id = "fixed-avoid-possible-backdooring-mysqldump-backups" > Fixed: Avoid possible backdooring mysqldump backups< / h3 >
< p > For more details about this backdooring mysqldump backup issue, please read
blog post:< / p >
< ul >
< li > < a href = "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/" > [CVE-2016-5483] Backdooring mysqldump backups< / a > .< / li >
< / ul >
< p > Steps to fix it:< / p >
< ul >
< li >
< p > Open the daily MySQL backup script, it's < code > /var/vmail/backup/backup_mysql.sh< / code >
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command < code > postconf virtual_mailbox_base< / code > .< / p >
< / li >
< li >
< p > Find variable name < code > CMD_MYSQLDUMP< / code > like below:< / p >
< / li >
< / ul >
< pre > < code > export CMD_MYSQLDUMP=" mysqldump ..."
< / code > < / pre >
< ul >
< li > Make sure it has argument < code > --skip-comments< / code > like below:< / li >
< / ul >
< pre > < code > export CMD_MYSQLDUMP=" mysqldump ... --skip-comments"
< / code > < / pre >
< ul >
< li > Save your change. That's it.< / li >
< / ul >
< h2 id = "mysqlmariadb-backend-special" > MySQL/MariaDB backend special< / h2 >
< h3 id = "fixed-avoid-possible-backdooring-mysqldump-backups_1" > Fixed: Avoid possible backdooring mysqldump backups< / h3 >
< p > For more details about this backdooring mysqldump backup issue, please read
blog post:< / p >
< ul >
< li > < a href = "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/" > [CVE-2016-5483] Backdooring mysqldump backups< / a > .< / li >
< / ul >
< p > Steps to fix it:< / p >
< ul >
< li >
< p > Open the daily MySQL backup script, it's < code > /var/vmail/backup/backup_mysql.sh< / code >
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command < code > postconf virtual_mailbox_base< / code > .< / p >
< / li >
< li >
< p > Find variable name < code > CMD_MYSQLDUMP< / code > like below:< / p >
< / li >
< / ul >
< pre > < code > export CMD_MYSQLDUMP=" mysqldump ..."
< / code > < / pre >
< ul >
< li > Make sure it has argument < code > --skip-comments< / code > like below:< / li >
< / ul >
< pre > < code > export CMD_MYSQLDUMP=" mysqldump ... --skip-comments"
< / code > < / pre >
< ul >
< li > Save your change. That's it.< / li >
< / ul > < div class = "footer" >
2017-02-09 02:39:49 -06:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< script type = "text/javascript" >
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
< / script >
< / body > < / html >