CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [3.5.0.0] - 2025-03-16
+
+## Changed
+
+- [Update to Radicale 3.5.0](https://github.com/tomsquest/docker-radicale/pull/181)
+
 ## [3.4.1.0] - 2025-01-31
 
 ## Changed

Dockerfile

@@ -4,7 +4,7 @@ ARG COMMIT_ID
 ENV COMMIT_ID=${COMMIT_ID}
 
 ARG VERSION
-ENV VERSION=${VERSION:-3.4.1}
+ENV VERSION=${VERSION:-3.5.0}
 
 ARG BUILD_UID
 ENV BUILD_UID=${BUILD_UID:-2999}

config

@@ -41,6 +41,15 @@ hosts = 0.0.0.0:5232
 # TCP traffic between Radicale and a reverse proxy
 #certificate_authority =
 
+# SSL protocol, secure configuration: ALL -SSLv3 -TLSv1 -TLSv1.1
+#protocol = (default)
+
+# SSL ciphersuite, secure configuration: DHE:ECDHE:-NULL:-SHA (see also "man openssl-ciphers")
+#ciphersuite = (default)
+
+# script name to strip from URI if called by reverse proxy
+#script_name = (default taken from HTTP_X_SCRIPT_NAME or SCRIPT_NAME)
+
 
 [encoding]
 
@@ -54,31 +63,110 @@ hosts = 0.0.0.0:5232
 [auth]
 
 # Authentication method
-# Value: none | htpasswd | remote_user | http_x_remote_user
-#type = none
+# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
+#type = denyall
+type = none
+
+# Cache logins for until expiration time
+#cache_logins = false
+
+# Expiration time for caching successful logins in seconds
+#cache_successful_logins_expiry = 15
+
+## Expiration time of caching failed logins in seconds
+#cache_failed_logins_expiry = 90
+
+# URI to the LDAP server
+#ldap_uri = ldap://localhost
+
+# The base DN where the user accounts have to be searched
+#ldap_base = ##BASE_DN##
+
+# The reader DN of the LDAP server
+#ldap_reader_dn = CN=ldapreader,CN=Users,##BASE_DN##
+
+# Password of the reader DN
+#ldap_secret = ldapreader-secret
+
+# Path of the file containing password of the reader DN
+#ldap_secret_file = /run/secrets/ldap_password
+
+# the attribute to read the group memberships from in the user's LDAP entry (default: not set)
+#ldap_groups_attribute = memberOf
+
+# The filter to find the DN of the user. This filter must contain a python-style placeholder for the login
+#ldap_filter = (&(objectClass=person)(uid={0}))
+
+# the attribute holding the value to be used as username after authentication
+#ldap_user_attribute = cn
+
+# Use ssl on the ldap connection
+#ldap_use_ssl = False
+
+# The certificate verification mode. NONE, OPTIONAL, default is REQUIRED
+#ldap_ssl_verify_mode = REQUIRED
+
+# The path to the CA file in pem format which is used to certificate the server certificate
+#ldap_ssl_ca_file =
+
+# Connection type for dovecot authentication (AF_UNIX|AF_INET|AF_INET6)
+# Note: credentials are transmitted in cleartext
+#dovecot_connection_type = AF_UNIX
+
+# The path to the Dovecot client authentication socket (eg. /run/dovecot/auth-client on Fedora). Radicale must have read / write access to the socket.
+#dovecot_socket = /var/run/dovecot/auth-client
+
+# Host of via network exposed dovecot socket
+#dovecot_host = localhost
+
+# Port of via network exposed dovecot socket
+#dovecot_port = 12345
+
+# IMAP server hostname
+# Syntax: address | address:port | [address]:port | imap.server.tld
+#imap_host = localhost
+
+# Secure the IMAP connection
+# Value: tls | starttls | none
+#imap_security = tls
+
+# OAuth2 token endpoint URL
+#oauth2_token_endpoint = <URL>
+
+# PAM service
+#pam_serivce = radicale
+
+# PAM group user should be member of
+#pam_group_membership =
 
 # Htpasswd filename
 #htpasswd_filename = /etc/radicale/users
 
 # Htpasswd encryption method
 # Value: plain | bcrypt | md5 | sha256 | sha512 | autodetect
 # bcrypt requires the installation of 'bcrypt' module.
-#htpasswd_encryption = md5
+#htpasswd_encryption = autodetect
+
+# Enable caching of htpasswd file based on size and mtime_ns
+#htpasswd_cache = False
 
 # Incorrect authentication delay (seconds)
 #delay = 1
 
 # Message displayed in the client when a password is needed
 #realm = Radicale - Password Required
 
-# Сonvert username to lowercase, must be true for case-insensitive auth providers
+# Convert username to lowercase, must be true for case-insensitive auth providers
 #lc_username = False
 
+# Strip domain name from username
+#strip_domain = False
+
 
 [rights]
 
 # Rights backend
-# Value: none | authenticated | owner_only | owner_write | from_file
+# Value: authenticated | owner_only | owner_write | from_file
 #type = owner_only
 
 # File for rights management from_file
@@ -87,6 +175,9 @@ hosts = 0.0.0.0:5232
 # Permit delete of a collection (global)
 #permit_delete_collection = True
 
+# Permit overwrite of a collection (global)
+#permit_overwrite_collection = True
+
 
 [storage]
 
@@ -98,13 +189,64 @@ hosts = 0.0.0.0:5232
 #filesystem_folder = /var/lib/radicale/collections
 filesystem_folder = /data/collections
 
+# Folder for storing cache of local collections, created if not present
+# Note: only used in case of use_cache_subfolder_* options are active
+# Note: can be used on multi-instance setup to cache files on local node (see below)
+#filesystem_cache_folder = (filesystem_folder)
+
+# Use subfolder 'collection-cache' for 'item' cache file structure instead of inside collection folder
+# Note: can be used on multi-instance setup to cache 'item' on local node
+#use_cache_subfolder_for_item = False
+
+# Use subfolder 'collection-cache' for 'history' cache file structure instead of inside collection folder
+# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
+#use_cache_subfolder_for_history = False
+
+# Use subfolder 'collection-cache' for 'sync-token' cache file structure instead of inside collection folder
+# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
+#use_cache_subfolder_for_synctoken = False
+
+# Use last modifiction time (nanoseconds) and size (bytes) for 'item' cache instead of SHA256 (improves speed)
+# Note: check used filesystem mtime precision before enabling
+# Note: conversion is done on access, bulk conversion can be done offline using storage verification option: radicale --verify-storage
+#use_mtime_and_size_for_item_cache = False
+
+# Use configured umask for folder creation (not applicable for OS Windows)
+# Useful value: 0077 | 0027 | 0007 | 0022
+#folder_umask = (system default, usual 0022)
+
 # Delete sync token that are older (seconds)
 #max_sync_token_age = 2592000
 
-# Command that is run after changes to storage
-# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
+# Skip broken item instead of triggering an exception
+#skip_broken_item = True
+
+# Command that is run after changes to storage, default is emtpy
+#  Supported placeholders:
+#   %(user): logged-in user
+#  Command will be executed with base directory defined in filesystem_folder
+#  For "git" check DOCUMENTATION.md for bootstrap instructions
+# Example: git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
 #hook =
 
+# Create predefined user collections
+#
+# json format:
+#
+#  {
+#    "def-addressbook": {
+#       "D:displayname": "Personal Address Book",
+#       "tag": "VADDRESSBOOK"
+#    },
+#    "def-calendar": {
+#       "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
+#       "D:displayname": "Personal Calendar",
+#       "tag": "VCALENDAR"
+#    }
+#  }
+#
+#predefined_collections =
+
 
 [web]
 
@@ -122,17 +264,45 @@ filesystem_folder = /data/collections
 # Don't include passwords in logs
 #mask_passwords = True
 
+# Log bad PUT request content
+#bad_put_request_content = False
+
+# Log backtrace on level=debug
+#backtrace_on_debug = False
+
+# Log request header on level=debug
+#request_header_on_debug = False
+
+# Log request content on level=debug
+#request_content_on_debug = False
+
+# Log response content on level=debug
+#response_content_on_debug = False
+
+# Log rights rule which doesn't match on level=debug
+#rights_rule_doesnt_match_on_debug = False
+
+# Log storage cache actions on level=debug
+#storage_cache_actions_on_debug = False
 
 [headers]
 
 # Additional HTTP headers
 #Access-Control-Allow-Origin = *
 
+
 [hook]
 
 # Hook types
 # Value: none | rabbitmq
 #type = none
 #rabbitmq_endpoint =
 #rabbitmq_topic =
-#rabbitmq_queue_type = classic
+#rabbitmq_queue_type = classic
+
+
+[reporting]
+
+# When returning a free-busy report, limit the number of returned
+# occurences per event to prevent DOS attacks.
+#max_freebusy_occurrence = 10000

test_image_custom_build.py

@@ -12,7 +12,7 @@ def host():
             "-t",
             "radicale-under-test",
             "--build-arg",
-            "VERSION=3.2.0",
+            "VERSION=3.4.1",
             "--build-arg",
             "BUILD_UID=6666",
             "--build-arg",
@@ -44,7 +44,7 @@ def test_port(host):
 
 
 def test_version(host):
-    assert host.check_output("/venv/bin/radicale --version") == "3.2.0"
+    assert host.check_output("/venv/bin/radicale --version") == "3.4.1"
 
 
 def test_user(host):

test_image_prod.py

@@ -51,7 +51,7 @@ def test_port(host):
 
 
 def test_version(host):
-    assert host.check_output("/venv/bin/radicale --version") == "3.4.1"
+    assert host.check_output("/venv/bin/radicale --version") == "3.5.0"
 
 
 def test_user(host):