
Releases: portier/portier-broker

v0.10.0

18 May 15:41
  • The rsa feature and crate dependency have been removed. The broker now generates RSA keypairs using AWS Libcrypto (which was already a dependency).
  • The broker no longer uses HTTP/2 for outgoing requests, only HTTP/1.x. This reduces dependencies, and HTTP/2 has little benefit for the few small outgoing requests made by the broker.
  • Timeouts for outgoing HTTP requests have been fixed and are now configurable. The defaults should be fine in most cases, but see config.toml.dist if you do need to change these timeouts.
  • Discovery now continues in the background if discovery_timeout expires. The individual HTTP requests are still subject to their own timeouts, but this lets the cache warm for future authentication requests, while discovery_timeout still bounds the response time of the current one.
  • Portier now sends a List-Id email header, intended to disable auto-responders on the receiver.
  • Authentication requests should no longer be double counted in /metrics.
  • Portier now sends a systemd 'stopping' notification when it begins shutdown. (This code was already present, but broken.)
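The background-discovery behaviour described above, as a std-only Rust sketch added here to illustrate the pattern; it is not the broker's own code. `Discovery`, `Lookup`, `slow_fetch` and the cache shape are this example's assumptions, and `fetch` stands in for the outgoing Webfinger and OIDC discovery requests. The point it shows: a request gives up after `discovery_timeout`, but the fetch it started keeps running and populates the shared cache, so the next request for the same domain is served immediately.

```rust
use std::collections::HashMap;
use std::sync::{mpsc, Arc, Mutex};
use std::thread;
use std::time::Duration;

/// The part of a provider's discovery data this example caches (constructed fields).
#[derive(Clone, Debug, PartialEq)]
pub struct Discovery {
    pub issuer: String,
    pub authorization_endpoint: String,
}

/// What a single authentication request gets back from `discover`.
#[derive(Debug, PartialEq)]
pub enum Lookup {
    /// Discovery data, either cached or fetched within the deadline.
    Hit(Discovery),
    /// discovery_timeout expired; the fetch keeps running and will fill the cache.
    TimedOut,
    /// The fetch itself failed (for example, its own per-request HTTP timeout).
    Failed(String),
}

pub type Cache = Arc<Mutex<HashMap<String, Discovery>>>;

pub fn new_cache() -> Cache {
    Arc::new(Mutex::new(HashMap::new()))
}

/// Resolve discovery data for `domain`, waiting at most `discovery_timeout`.
///
/// `fetch` stands in for the outgoing Webfinger and OIDC discovery requests, which in the
/// real broker carry their own per-request timeouts. It runs on a background thread that
/// always writes a successful result into the cache, so a request that stops waiting
/// still warms the cache for the next one.
pub fn discover<F>(cache: &Cache, domain: &str, discovery_timeout: Duration, fetch: F) -> Lookup
where
    F: FnOnce(&str) -> Result<Discovery, String> + Send + 'static,
{
    if let Some(hit) = cache.lock().unwrap().get(domain) {
        return Lookup::Hit(hit.clone());
    }
    let (tx, rx) = mpsc::channel();
    let bg_cache = Arc::clone(cache);
    let bg_domain = domain.to_string();
    thread::spawn(move || {
        let result = fetch(bg_domain.as_str());
        if let Ok(d) = &result {
            bg_cache.lock().unwrap().insert(bg_domain, d.clone());
        }
        // The requester may already have given up; an unreceived send is not an error here.
        let _ = tx.send(result);
    });
    match rx.recv_timeout(discovery_timeout) {
        Ok(Ok(d)) => Lookup::Hit(d),
        Ok(Err(e)) => Lookup::Failed(e),
        Err(mpsc::RecvTimeoutError::Timeout) => Lookup::TimedOut,
        Err(mpsc::RecvTimeoutError::Disconnected) => Lookup::Failed("fetch task panicked".into()),
    }
}

/// Constructed stand-in for a slow provider: answers with made-up endpoints after `delay`.
pub fn slow_fetch(delay: Duration) -> impl FnOnce(&str) -> Result<Discovery, String> + Send + 'static {
    move |domain: &str| {
        thread::sleep(delay);
        Ok(Discovery {
            issuer: format!("https://{}", domain),
            authorization_endpoint: format!("https://{}/auth", domain),
        })
    }
}

fn main() {
    let cache = new_cache();
    let deadline = Duration::from_millis(50);
    // First request times out; the fetch still completes and fills the cache.
    println!("{:?}", discover(&cache, "example.com", deadline, slow_fetch(Duration::from_millis(200))));
    thread::sleep(Duration::from_millis(400));
    // Second request is answered from the cache without waiting.
    println!("{:?}", discover(&cache, "example.com", deadline, slow_fetch(Duration::from_millis(200))));
}
```

One design point worth keeping: the background task writes to the cache only on success, so a failed or timed-out fetch never poisons the cache, and the next request simply tries again.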

v0.9.2

19 Apr 20:02

v0.9.1

12 Apr 08:32
  • Portier now logs part of the response body when receiving an HTTP error status in response to one of its outgoing requests. This should help debug issues in mailer configuration, or outgoing Webfinger / OIDC requests.
  • Fixed: The new SendGrid integration introduced in v0.9.0 was broken, always resulting in an HTTP 400 status code from the SendGrid API.
  • Fixed: Graceful shutdown was broken in v0.9.0, waiting indefinitely until all clients closed their (HTTP keep-alive) connections by themselves.
  • Fixed: The Nix package included in the source tree failed to build AWS Libcrypto (introduced in v0.9.0 via Rustls) because of the default hardening flags added by Nixpkgs.

v0.9.0

11 Apr 08:14
  • The minimum supported Rust compiler version has been raised to 1.72. This only affects you when building from source.
  • Various dependencies have been upgraded. Most notably, all HTTP server and client functionality has been upgraded to use Hyper 1.0.
  • This release incorporates a fix for GHSA-q6cp-qfwq-4gcv affecting the h2 crate, but it is low severity for Portier. The HTTP server component in Portier does not use HTTP/2.
  • Windows builds for this release are built using the new Rust 1.77.2 compiler, which incorporates the standard library fix for CVE-2024-24576. This advisory is low severity for Portier, because Portier only executes trusted commands, such as generate_rsa_command and sendmail_command.
  • Portier now has support for sending mail directly using the SendGrid Web API. See the sendgrid_token setting in config.toml.dist.
  • The /metrics endpoint now also reports 0 values.

v0.8.5

19 Jan 09:26
  • This release fixes a security issue in the h2 crate: RUSTSEC-2024-0003. Portier Broker is affected by this primarily in outgoing Webfinger requests or OpenID Connect discovery requests, which may use HTTP/2 connecting to untrusted hosts. Upgrading is recommended.
  • Various improvements were made to compliance with the OpenID Connect specification. These are expected to be non-breaking.
    • state is now also returned with error responses.
    • The prompt parameter is now supported. For addresses that require email loop authentication, prompt=none will now always return an interaction_required error. For addresses that are forwarded to another OIDC provider (like Google), the prompt parameter is forwarded.
    • The auth_time claim was added to ID tokens.
    • nonce is now optional for the authorization code flow. (Portier clients typically use implicit flow, in which case nonce is still required.)
    • An invalid authorization code now properly returns the invalid_grant error.
    • OIDC "request objects" are now properly rejected. (These are the request and request_uri query parameters, not often used by clients.)
  • Updated dependencies:
    • Updated redis crate to 0.24
    • Updated ring crate to 0.17
    • Updated Hickory DNS to 0.24

v0.8.4

23 Aug 17:52
  • This release fixes a security issue in the rustls-webpki crate: RUSTSEC-2023-0053. This issue affects Portier Broker >= 0.8.0, < 0.8.4, except custom builds that use the native-tls feature flag. Upgrading is strongly recommended.
  • Pasting the email confirmation code in the form now trims whitespace, improving compatibility with certain email clients. (by @jimdigriz)
  • It is now possible to pass _login_hint instead of login_hint to force the broker to render the email input form, but with a prefill. (by @jimdigriz)
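The authorization-request rules listed under v0.8.5 (state echoed on error responses, prompt=none handling for email-loop versus forwarded addresses, nonce optional only for the code flow, request objects rejected) together with the v0.8.4 _login_hint behaviour, as one std-only Rust example added here. This is not the broker's code: the `Outcome` enum, the `upstream_provider` routing table (gmail.com to Google, matching the page's example), and the choice to answer prompt=none with interaction_required when an email form would have to be shown are this example's assumptions. The error codes request_not_supported, request_uri_not_supported, interaction_required and invalid_request, and the rule that implicit-flow error responses go in the URL fragment while code-flow responses go in the query, come from OIDC Core / OAuth 2.0.

```rust
use std::collections::HashMap;

/// Response type requested by the client.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Flow {
    Code,     // response_type=code
    Implicit, // response_type=id_token (what Portier clients typically use)
}

/// What the broker decides to do with an authorization request (example's own model).
#[derive(Debug, PartialEq)]
pub enum Outcome {
    /// Send the client back to redirect_uri with error=... and, when present, state=...
    ErrorRedirect(String),
    /// Render the email input form, optionally prefilled (the _login_hint case).
    ShowForm { prefill: Option<String> },
    /// Authenticate the address with an email confirmation loop.
    EmailLoop { email: String, flow: Flow, state: Option<String> },
    /// Hand the request to an upstream OIDC provider; `prompt` travels with it.
    Forward { provider: &'static str, email: String, prompt: Option<String> },
}

/// Constructed routing table for this example: which domains are forwarded upstream.
fn upstream_provider(domain: &str) -> Option<&'static str> {
    match domain {
        "gmail.com" | "googlemail.com" => Some("google"),
        _ => None,
    }
}

/// Minimal RFC 3986 percent-encoding (unreserved characters pass through).
fn percent_encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => out.push(b as char),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Build the error redirect: fragment for the implicit flow, query for the code flow,
/// and `state` echoed back whenever the client sent one.
fn error_redirect(redirect_uri: &str, flow: Flow, error: &str, state: Option<&str>) -> Outcome {
    let sep = match flow {
        Flow::Implicit => '#',
        Flow::Code if redirect_uri.contains('?') => '&',
        Flow::Code => '?',
    };
    let mut url = format!("{}{}error={}", redirect_uri, sep, percent_encode(error));
    if let Some(st) = state {
        url.push_str("&state=");
        url.push_str(&percent_encode(st));
    }
    Outcome::ErrorRedirect(url)
}

/// Validate an authorization request whose query parameters are already decoded into `params`.
/// Without a redirect_uri there is nowhere to send an error redirect, so that case is a plain Err.
pub fn authorize(params: &HashMap<&str, &str>) -> Result<Outcome, &'static str> {
    let redirect_uri = *params.get("redirect_uri").ok_or("missing redirect_uri")?;
    let state = params.get("state").copied();
    let flow = match params.get("response_type").copied() {
        Some("code") => Flow::Code,
        Some("id_token") => Flow::Implicit,
        _ => return Ok(error_redirect(redirect_uri, Flow::Code, "unsupported_response_type", state)),
    };
    let fail = |error: &str| -> Result<Outcome, &'static str> {
        Ok(error_redirect(redirect_uri, flow, error, state))
    };
    // Request objects are not supported; reject them with the spec-defined error codes.
    if params.contains_key("request") {
        return fail("request_not_supported");
    }
    if params.contains_key("request_uri") {
        return fail("request_uri_not_supported");
    }
    // nonce is optional for the code flow but required for the implicit flow.
    if flow == Flow::Implicit && params.get("nonce").map_or(true, |n| n.is_empty()) {
        return fail("invalid_request");
    }
    let prompt = params.get("prompt").copied();
    let prompt_none = prompt.map_or(false, |p| p.split(' ').any(|v| v == "none"));
    let email = match params.get("login_hint") {
        Some(e) => e.to_string(),
        None => {
            // Showing a form is user interaction, which prompt=none forbids (example's choice).
            if prompt_none {
                return fail("interaction_required");
            }
            return Ok(Outcome::ShowForm { prefill: params.get("_login_hint").map(|s| s.to_string()) });
        }
    };
    let domain = match email.rsplit_once('@') {
        Some((local, domain)) if !local.is_empty() && !domain.is_empty() => domain.to_ascii_lowercase(),
        _ => return fail("invalid_request"),
    };
    if let Some(provider) = upstream_provider(&domain) {
        // Forwarded addresses: pass prompt through and let the upstream provider enforce it.
        return Ok(Outcome::Forward { provider, email, prompt: prompt.map(String::from) });
    }
    if prompt_none {
        // An email loop always needs the user to act, so prompt=none cannot be honoured.
        return fail("interaction_required");
    }
    Ok(Outcome::EmailLoop { email, flow, state: state.map(String::from) })
}

fn main() {
    let req = HashMap::from([
        ("response_type", "id_token"), ("redirect_uri", "https://rp.example/callback"),
        ("state", "xyz"), ("nonce", "n-0S6_WzA2Mj"), ("login_hint", "alice@example.org"), ("prompt", "none"),
    ]);
    println!("{:?}", authorize(&req));
}
```

The `_login_hint` branch only applies when the regular `login_hint` is absent, which is what "instead of login_hint" in the v0.8.4 note implies; the constructed `main` request shows the prompt=none case ending in an interaction_required redirect that still carries the client's state.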

v0.8.3

23 Jun 08:41

This release fixes a security issue in the openssl crate: RUSTSEC-2023-0044

This issue affects Portier Broker < 0.8.0 on Linux, as well as source builds of >= 0.8.0, < 0.8.3 on Linux that used the native-tls feature flag. Regular builds of >= 0.8.0 use Rustls instead of OpenSSL, and are thus not affected. Upgrading is strongly recommended.

v0.8.2

13 Apr 19:04
  • This release fixes CVE-2023-26964, a moderate severity issue in the h2 crate. Portier Broker is affected by this primarily in outgoing Webfinger requests or OpenID Connect discovery requests, which may use HTTP/2 connecting to untrusted hosts. Upgrading is recommended.

  • This release adds support for listening on Unix sockets via socket activation. See the updated example systemd socket unit.

v0.8.1

24 Mar 08:13
  • This release fixes three security issues in the openssl crate: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024.

    These issues affect Portier Broker < 0.8.0 on Linux, as well as source builds of >= 0.8.0, < 0.8.1 on Linux that used the native-tls feature flag. Regular builds of >= 0.8.0 use Rustls instead of OpenSSL, and are thus not affected. Upgrading is strongly recommended.

  • The broker is now packaged as a Nix flake, and may be used as an input with, for example, the URL: "github:portier/portier-broker/v0.8.1"

v0.8.0

19 Mar 19:49
  • This release switches the default TLS implementation to Rustls. The broker may use TLS to connect to mailservers, to perform OpenID Connect discovery requests, and to perform Webfinger requests.

    The Rustls implementation will still use the system root certificate store on all platforms (and honors OpenSSL environment variables to find it), so this change should be mostly transparent.

    Official release builds will use Rustls going forward. The native-tls backend is still available via feature flags when building from source.

  • The broker can now generate RSA keypairs without the help of the openssl command-line tool. This is implemented using the rsa crate. A new option rsa_modulus_bits allows configuring the size of the RSA keypair generated, and defaults to 2048. (The same as the old default for generate_rsa_command).

    The generate_rsa_command option is still available, so if it is set, the broker will still invoke an external command to generate keypairs.

  • Linux release builds (and Docker images) are now also available for armv7 (32-bit ARM with hard-float).

  • Linux release builds (and Docker images) are now static binaries built using musl libc.

    This change should be mostly transparent. It is still possible to make glibc builds by building from source.

    A possible concern when upgrading to this version is that it no longer uses NSS to resolve hostnames, because musl libc does not support it. This may be an issue if, for example, you were using mDNS, LDAP, or another NSS module to resolve your mailserver.

  • Docker images are now also available on GitHub Container Registry as ghcr.io/portier/portier-broker. This is in addition to Docker Hub, and these are the exact same images.

  • Docker images are now based on an Alpine Linux base.

    Note that the user ID the broker runs as inside the container has also changed from 999 to 2000.