Releases: portier/portier-broker

v0.10.0

- The `rsa` feature and crate dependency have been removed. The broker now generates RSA keypairs using AWS Libcrypto (which was already a dependency).
- The broker no longer uses HTTP 2 for outgoing requests, only HTTP 1.x. This reduces dependencies, and HTTP 2 has little benefit for the few small outgoing requests made by the broker.
- Timeouts for outgoing HTTP requests have been fixed and are now configurable. The defaults should be fine in most cases, but see `config.toml.dist` if you do need to change these timeouts.
- Discovery now proceeds in the background if `discovery_timeout` expires. The HTTP requests are still subject to their individual timeouts, but this allows the cache to warm for future authentication requests, while `discovery_timeout` guarantees a certain response time.
- Portier now sends a `List-Id` email header, intended to disable auto-responders on the receiver.
- Authentication requests should no longer be double counted in `/metrics`.
- Portier now sends a systemd 'stopping' notification when it begins shutdown. (This code was already present, but broken.)

v0.9.2

- This release upgrades Rustls to address the advisory RUSTSEC-2024-0336.

v0.9.1

- Portier now logs part of the response body when receiving an HTTP error status in response to one of its outgoing requests. This should help debug issues in mailer configuration, or outgoing Webfinger / OIDC requests.
- Fixed: The new SendGrid integration introduced in v0.9.0 was broken, always resulting in an HTTP 400 status code from the SendGrid API.
- Fixed: Graceful shutdown was broken in v0.9.0, waiting indefinitely until all clients closed their (HTTP keep-alive) connections by themselves.
- Fixed: The Nix package included in the source tree failed to build AWS Libcrypto (introduced in v0.9.0 via Rustls) because of the default hardening flags added by Nixpkgs.

v0.9.0

- The minimum supported Rust compiler version has been raised to 1.72. This only affects you when building from source.
- Various dependencies have been upgraded. Most notably, all HTTP server and client functionality has been upgraded to use Hyper 1.0.
- This release incorporates a fix for GHSA-q6cp-qfwq-4gcv affecting the `h2` crate, but it is low severity for Portier. The HTTP server component in Portier does not use HTTP2.
- Windows builds for this release are built using the new Rust 1.77.2 compiler, which incorporates the standard library fix for CVE-2024-24576. This advisory is low severity for Portier, because Portier only executes trusted commands, such as `generate_rsa_command` and `sendmail_command`.
- Portier now has support for sending mail directly using the SendGrid Web API. See the `sendgrid_token` setting in `config.toml.dist`.
- The `/metrics` endpoint now also reports 0 values.

v0.8.5

- This release fixes a security issue in the `h2` crate: RUSTSEC-2024-0003. Portier Broker is affected by this primarily in outgoing Webfinger requests or OpenID Connect discovery requests, which may use HTTP/2 connecting to untrusted hosts. Upgrading is recommended.
- Various improvements were made to improve compliance with the OpenID Connect specification. These are expected to be non-breaking.
  - `state` is now also returned with error responses.
  - The `prompt` parameter is now supported. For addresses that require email loop authentication, `prompt=none` will now always return an `interaction_required` error. For addresses that are forwarded to another OIDC provider (like Google), the `prompt` parameter is forwarded.
  - The `auth_time` claim was added to ID tokens.
  - `nonce` is now optional for the authorization code flow. (Portier clients typically use implicit flow, in which case `nonce` is still required.)
  - An invalid authorization code now properly returns the `invalid_grant` error.
  - OIDC "request objects" are now properly rejected. (These are the `request` and `request_uri` query parameters, not often used by clients.)
- Updated dependencies:
  - Updated `redis` crate to 0.24
  - Updated `ring` crate to 0.17
  - Updated Hickory DNS to 0.24
  - Updated

v0.8.4

- This release fixes a security issue in the `rustls-webpki` crate: RUSTSEC-2023-0053. This issue affects Portier Broker `>= 0.8.0, < 0.8.4`, except custom builds that use the `native-tls` feature flag. Upgrading is strongly recommended.
- Pasting the email confirmation code in the form now trims whitespace, improving compatibility with certain email clients. (by @jimdigriz)
- It is now possible to pass `_login_hint` instead of `login_hint` to force the broker to render the email input form, but with a prefill. (by @jimdigriz)
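As an added example (not code from the portier-broker project), the following Python relying-party helper shows how a client can make use of the behaviour described in the v0.8.5 and v0.8.4 notes above: `state` is verified on error responses as well as on successes, a `prompt=none` request is expected to yield `interaction_required` for addresses that need email loop authentication, and `_login_hint` is sent in place of `login_hint` to prefill the email form. The broker origin, the `/auth` endpoint path, the relying-party URLs and the callback parameters in the demo are assumptions or constructed values.

```python
"""Relying-party side of a Portier implicit-flow request and its callback.

Added example, not part of portier-broker. BROKER and AUTH_ENDPOINT are
assumptions; replace them with your deployment's values.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BROKER = "https://broker.example"      # assumption: your broker's origin
AUTH_ENDPOINT = BROKER + "/auth"       # assumption: authorization endpoint path


class CallbackError(Exception):
    """Raised for a callback that must not be trusted (bad state, unexpected error)."""


def build_auth_request(client_id, redirect_uri, email, *, prefill_only=False, prompt=None):
    """Return (url, state, nonce) for an implicit-flow request (response_type=id_token).

    Portier clients typically use the implicit flow, so a nonce is always sent.
    Store state and nonce in the user's session to verify the callback later.
    """
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid email",
        "state": state,
        "nonce": nonce,
    }
    # v0.8.4: `_login_hint` makes the broker render the email form with the
    # address prefilled, whereas `login_hint` starts authentication directly.
    params["_login_hint" if prefill_only else "login_hint"] = email
    if prompt:
        params["prompt"] = prompt   # e.g. "none" to probe for an existing session
    return AUTH_ENDPOINT + "?" + urlencode(params), state, nonce


def handle_callback(params, expected_state):
    """Validate callback parameters (form_post body, or query/fragment) against the stored state.

    Returns ("token", id_token) on success and ("interaction_required", description)
    when a prompt=none request needs the user to interact; raises CallbackError otherwise.
    The returned id_token still has to be verified (signature, issuer, audience, nonce).
    """
    # v0.8.5: state is returned on error responses too, so it is checked before
    # anything else. A mismatch means the response does not belong to this session.
    if params.get("state") != expected_state:
        raise CallbackError("state mismatch: response does not belong to this session")
    if "error" in params:
        err = params["error"]
        if err == "interaction_required":
            # Expected for prompt=none on an email-loop address: fall back to an
            # interactive request rather than treating this as a failure.
            return ("interaction_required", params.get("error_description", ""))
        raise CallbackError(f"{err}: {params.get('error_description', '')}")
    if "id_token" not in params:
        raise CallbackError("callback carried neither id_token nor error")
    return ("token", params["id_token"])


def params_from_redirect(url):
    """Flatten query and fragment parameters of a redirect URL into one dict."""
    parts = urlsplit(url)
    merged = {}
    for raw in (parts.query, parts.fragment):
        for key, values in parse_qs(raw).items():
            merged[key] = values[0]
    return merged


if __name__ == "__main__":
    # Constructed demo: probe silently first, then handle the expected fallback.
    url, state, nonce = build_auth_request(
        "https://rp.example", "https://rp.example/cb", "user@example.com", prompt="none")
    print(url)
    simulated_body = {"state": state, "error": "interaction_required",
                      "error_description": "email loop authentication required"}
    print(handle_callback(simulated_body, state))
```

The callback handler deliberately checks `state` before looking at `error`, which is only possible because the broker now includes `state` on error responses; an error response with the wrong `state` is rejected just like a success response would be.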

v0.8.3

This release fixes a security issue in the `openssl` crate: RUSTSEC-2023-0044. This issue affects Portier Broker `< 0.8.0` on Linux, as well as source builds of `>= 0.8.0, < 0.8.3` on Linux that used the `native-tls` feature flag. Regular builds of `>= 0.8.0` use Rustls instead of OpenSSL, and are thus not affected. Upgrading is strongly recommended.

v0.8.2

- This release fixes CVE-2023-26964, a moderate severity issue in the `h2` crate. Portier Broker is affected by this primarily in outgoing Webfinger requests or OpenID Connect discovery requests, which may use HTTP/2 connecting to untrusted hosts. Upgrading is recommended.
- This release adds support for listening on Unix sockets via socket activation. See the updated example systemd socket unit.

v0.8.1

- This release fixes three security issues in the `openssl` crate: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024. These issues affect Portier Broker `< 0.8.0` on Linux, as well as source builds of `>= 0.8.0, < 0.8.1` on Linux that used the `native-tls` feature flag. Regular builds of `>= 0.8.0` use Rustls instead of OpenSSL, and are thus not affected. Upgrading is strongly recommended.
- The broker is now packaged as a Nix flake, and may be used as an input with, for example, the URL: `"github:portier/portier-broker/v0.8.1"`

v0.8.0

- This release switches the default TLS implementation to Rustls. The broker may use TLS to connect to mailservers, to perform OpenID Connect discovery requests, and to perform Webfinger requests. The Rustls implementation will still use the system root certificate store on all platforms (and honors OpenSSL environment variables to find it), so this change should be mostly transparent. Official release builds will use Rustls going forward. The `native-tls` backend is still available via feature flags when building from source.
- The broker can now generate RSA keypairs without the help of the `openssl` command-line tool. This is implemented using the `rsa` crate. A new option `rsa_modulus_bits` allows configuring the size of the RSA keypair generated, and defaults to 2048 (the same as the old default for `generate_rsa_command`). The `generate_rsa_command` option is still available, so if it is set, the broker will still invoke an external command to generate keypairs.
- Linux release builds (and Docker images) are now also available for `armv7` (32-bit ARM with hard-float).
- Linux release builds (and Docker images) are now static binaries built using musl libc. This change should be mostly transparent. It is still possible to make glibc builds by building from source. A possible concern when upgrading to this version is that it no longer uses NSS to resolve hostnames, because this is not supported by musl libc. This may be an issue if you were using mDNS, LDAP, or some other NSS module to resolve your mailserver, for example.
- Docker images are now also available on GitHub Container Registry as `ghcr.io/portier/portier-broker`. This is in addition to Docker Hub, and these are the exact same images.
- Docker images are now based on an Alpine Linux base. Note that the user ID the broker runs as inside the container has also changed from 999 to 2000.