This is an automated email from the ASF dual-hosted git repository. chibenwa pushed a commit to branch changelog-07-09-2026 in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 830f20714740dc958074a38b6048d895a41711ad Author: Benoit TELLIER <[email protected]> AuthorDate: Thu Jul 9 10:36:57 2026 +0200 [CHANGELOG] Refresh changelog --- CHANGELOG.md | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b565f31712..37c4fcb17a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,165 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) ## [unreleased] +### Removals + + - [REMOVAL] Remove `james-server-cassandra-app`. Please use the distributed server instead. + - JAMES-4155 Drop now retired Derby in favor of H2 (#2875) + - JAMES-4176 Retire `email_query_view_sent_at` Cassandra table + - JAMES-4187 Drop Cassandra email query view look up table + +### Security + + - JAMES-4193 Correct BoringSSL TLS 1.3 cipher suite sanitizing that led to disabled TLS 1.3 (#3029) + - JAMES-4201 Implement granular password access control in webadmin (`password.readonly` and `password.nodelete`) + - JAMES-4171 Allow configuring a strong distinction between submission and MX ports + - JAMES-4158 Allow IMAP to specify per-port administrators + - JAMES-4183 AllowedUnauthenticatedSender mail hook, using PROXY protocol to inject source IP + - JAMES-4162 Allow usage of `<>` sender for authenticated users (cf RFC-8098) + - JAMES-4207 Do not announce capabilities after authentication + - [FIX] Correct `Right.read` check in `StoreMessageIdManager::setInMailboxesReactive` (#2842) + - [FIX] `MailboxManager::create` should not propagate lookup only + - [FIX] Handle Lookup write propagation in complex sharing scenarios + - [FIX] `findNonPersonalMailboxes`: handle null rights + - [ENHANCEMENT] OIDC SASL should validate `aud` upon token verification, without requiring introspection + - [UPGRADE] ActiveMQ 6.2.1 -> 6.2.7 and Artemis 2.52.0 -> 2.55.0 (fixes numerous CVEs) + - [UPGRADE] Netty 4.1.126.Final -> 4.1.132.Final (CVE-2025-67735) + - [UPGRADE] Log4J 2.24.3 -> 2.25.4 (CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480) + - [UPGRADE] Spark java 3.0.2 -> 3.0.4 (CVE-2026-1605) + - [UPGRADE] Logback 1.5.18 -> 1.5.19 (CVE-2025-11226) + - [UPGRADE] BouncyCastle 1.81 -> 1.82 + - [UPGRADE] Adopt MIME4J 0.8.14 (#3032) + - [UPGRADE] Adopt Tika 3.2.3.0 + - [UPGRADE] Cassandra driver 4.19.0 -> 4.19.1 (#2859) + - [UPGRADE] ical4j 4.1.1 -> 4.2.5 + - [UPGRADE] RSpamD 3.12.0 -> 3.14.3 and Kvrocks 2.12.1 -> 2.15.0 (#3027) + - [UPGRADE] commons-text 1.13.1 -> 1.15.0, commons-configuration2 2.12.0 -> 2.15.0 + +### New Features + + - JAMES-4210 Protocol neutral SASL SPI, allowing custom IMAP SASL mechanisms to be plugged in + - JAMES-4195 JMAP OIDC authentication, including a Redis backed token cache and a backchannel logout route + - ManageSieve now supports OIDC authentication via the XOAUTH2 and OAUTHBEARER mechanisms + - JAMES-3340 & JAMES-4166 Support `collapseThreads` for JMAP `Email/query` (Memory, Cassandra, Postgres, OpenSearch and Lucene) + - JAMES-4148 JMAP filtering rules: `moveTo` action, flag criteria, `ANY` comparator for custom headers, date based criteria, plus webadmin routes to run a rule on a mailbox or on all users + - JAMES-4185 Ability to browse the deleted message vault, query it by messageId, and work with the vault of deleted users + - JAMES-4204 Webadmin endpoint to restore a mailbox backup from a zip file, with a `force` parameter + - JAMES-4196 Allow CRUD operations on shared folders for JMAP (#2988) + - [ENHANCEMENT] Implement negative ACL for JMAP + - JAMES-4157 Implement JMAP `Blob/copy` (#2896) + - JAMES-3728 Implement `MessageIdManager::updateEmail`, allowing `Email/set` update to combine move and setFlags + - JAMES-4203 Add Identity events, plugged into `CustomIdentityDAO` + - JAMES-3893 Allow deleting identities via WebAdmin + - JAMES-4181 Webadmin: Ability to move emails between repositories (#2954) + - JAMES-4189 Ability to list users by domain + - JAMES-4091 Paginate and sort connected users + - JAMES-4164 VacationMailet: add support for `replyMode` + - [ENHANCEMENT] Support StartTLS, SSL and Proxy protocol for LMTP (#3043) + - JAMES-4200 Allow configuring ActiveMQ disk and temp usage limits, with sane defaults + - JAMES-4152 Allow disabling sequence number (#2857) + - JAMES-3376 Allow configuring the `Email/query` default limit + - JAMES-4190 Allow registering read only IMAP annotations (#2975) + - JAMES-4150 Make attachment storage optional for the PostgreSQL message store (#2885) + - JAMES-3062 Allow ignoring non-critical groups in the event dead letters healthcheck + - JAMES-4165 Deprioritize non critical groups upon event dead letter redelivery (#2917) + - JAMES-4159 EventBus configuration for execution rate and timeout + - JAMES-4177 Finer grain management of Cassandra profiles (#2951) + - JAMES-4153 DKIMSign: allow interpolating the domain in the signature template (#2861) + - JAMES-4193 Configurable SSL session cache, and a TCNative based `Encryption.Factory` + - MAILBOX-401 Allow search on mailing list subject prefix + - [ENHANCEMENT] ManageSieve capabilities (#2916) + - [ENHANCEMENT] Allow extending subaddressing (#2946) + - [ENHANCEMENT] Allow using Auth Bearer with the webadmin password mechanism (#2848) + - [ENHANCEMENT] Enable configuring the OpenSearch timeout (#2867) + - [ENHANCEMENT] Attribute for forwarded mail (#3036) + - [ENHANCEMENT] `BlobResolver::validateAccess` allows validating user access to a blobId without fetching the full content (#3051) + - JAMES-4209 `CassandraMessagesDAOV3`: optionally write recovery infos (#3053) + - JAMES-4205 Create default mailboxes after OIDC login + - JAMES-4140 Allow resetting IMAP command throttling upon specific commands + - [AUDIT TRAIL] Mailbox creation and rename, IMAP CLOSE, message deletion, JMAP message moves, and MDC integration + +### Fixes + + - [FIX] JMAP DownloadRoutes: avoid noisy benign `IllegalStateException` upon mid-stream errors + - [FIX] `ICALAttributeDTO` should sanitize invalid dtstamp (#3084) + - [FIX] Better handle `InterruptedException` in `receiveMessageInTimespan` (#3083) + - JAMES-4214 Pass message rather than InputStream so that several body parts can be read (#3081) + - [FIX] `MessageManager::setFlags` should support overlapping ranges + - [FIX] RabbitMQ: Allow disabling notification queue auto delete in favor of `x-expires` + - [FIX] Cross domain RRT was listing non existing addresses + - [FIX] Prevent PostgreSQL pool poisoning + - [FIX] `StoreMailboxManager::renameSubMailboxes` should change namespace + - [FIX] Cassandra folder rename: several correctness fixes, including using SERIAL for the initial picture and basing decisions on a truth table + - [FIX] `SolveMailboxInconsistencies`: run several times until convergence, address all possible failures, fix duplicated `mailboxPathV3` registration, and recover from failed `mailboxPathV3` deletion upon rename. An `autoMerge` mode (defaulting to false) was added. + - [FIX] Account for consistency choices within `SolveMessageInconsistenciesService` and `RecomputeMailboxCountersService` + - [FIX] User rename: handle submailbox edge cases, simplify the rename dance when the destination exists, and return the correct quota when the target address is not empty + - [FIX] Avoid 500 upon mail repository download (#3064) + - [FIX] Quota recomputation should trigger a QuotaUpdate event (#3054) + - [FIX] MOVE/COPY should not exceed batch size in published events (#3047) + - JAMES-4206 Don't log a stacktrace on every ManageSieve logout + - [FIX] Async connection checks in IMAP (#3009) + - [FIX] `EhloCommandHandler` should handle domain labels starting with numbers (#3006) + - [FIX] LDAP user listing should ignore invalid users (#3003) + - [FIX] Prevent stackoverflow in IMAP SEARCH (#3007) + - [FIX] `jakarta.mail.internet.ParseException: Unbalanced quoted string` (#3002) + - [FIX] DKIMHook: lenient address mode (#2990) + - [FIX] Subscribe `Restored-Messages` for the mailbox to be visible in IMAP (#2976) + - [FIX] `CassandraEventDeadLetters` should remove the group when removing the last event of the group + - [FIX] `VacationRoutes` error handling (#2942) + - [FIX] Back `MessageParser` and parsing results with LeakAware (#2937) + - [FIX] Improve leak management when an error occurs + - JAMES-4199 Ensure `MailQueueIterator` is closed to prevent memory leaks (e.g. ActiveMQ leaking open browsers) + - [FIX] Use `JdkZlibDecoder`/`JdkZlibEncoder` in IMAP compress for immediate flush + - [FIX] Failing class cast in `IMAPCommandThrottler` (#2838) + - JAMES-3816 Correct `ReactiveThrottler` cancellation and set an upper bound to its tasks in order to prevent depletion + - [ENHANCEMENT] Make IMAP `ReactiveThrottler` more reliable under load (#3012) + - JAMES-4172 Fix truncated downloads for non-SingleBody `EmailBodyPart` (#2940) + - JAMES-3872 JMAP `Email/get`: fix and test the attachment read level (#2868, #2870, #2871) + - [FIX] JMAP Filtering: `AddressHeader::parseFullAddress` should leniently parse malformed address headers (#2856) + - JAMES-4086 FoldLongLines: handle folded content exceeding the line length (#2851) + - JAMES-4135 Search query string heuristics should not trigger on a bracket alone, and only trigger on a leading `-` + - JMAP: normalize charset case (#2877) + - JAMES-3885 Forbid using the same user as source and target of a user rename (#2847) + - JAMES-2314 Log unexpected webadmin errors (#2849) + - [FIX] Correct Reactor error handling flow in the DTM deletion callback (#2865) + - JAMES-4173 Fix EE11 & EE10 mixture (#2944) + - JAMES-4177 Fix typo in the default `cassandra-driver.conf` (#2959) + - [FIX] `outgoingQueue` => `outgoing` for the RemoteDelivery mailet in `mailetcontainer.xml` examples + - JAMES-4191 Deleted message vault and fast view projection should only act when the owner no longer references the deleted message + - [ENHANCEMENT] Log stacktraces in DEBUG mode for protocol level failures + - [FIX] Limit the subject length for indexation to not exceed the Lucene raw indexation max size limit + - [FIX] Maven release plugin and maven source plugin configuration was broken + +### Performance + + - JAMES-4182 Implement `ZstdBlobStoreDAO`, allowing blob compression (#3016) + - JAMES-4198 Heuristic to skip attachment parsing based on message headers + - JAMES-4202 OpenSearch: group single uid clauses into a single term + - JAMES-4166 JMAP search: drop scroll search, use from/size pagination and push the offset onto the search engine + - [PERF] Precompute ResultSet indexes on large IMAP processings (#2974) + - JAMES-4188 Improve range optimization to account for non-contiguous ranges (#2972) + - JAMES-4184 POP3 `TOP msg 0` only reads headers (#2965) + - JAMES-4194 Tiering: max threading window (#2987) + - JAMES-4123 Improvement for the deleted search override: handle the ALL criterion + - JAMES-4200 ActiveMQ: prevent the embedded broker from claiming up to 70% of the JVM memory + - JAMES-2937 Distributed task manager enhancements (#2858) + - [IMPROVEMENT] `MailboxMergingTask`: better reactive code and increased concurrency + - JAMES-4182 Fix a blocking call in `CassandraAttachmentMapper::loadAttachmentContent` + - [ENHANCEMENT] Metrics and logs for the IMAP FETCH local cache + - JAMES-3816 Record concurrent IMAP request count + +### Build + + - [devscout] Bootstrap a reproducible development environment + - [JAMES-4175] Improve documentation build repeatability and fix the maven site build + - [JAMES-3187] Restructure the documentation into per-server partials, and rewrite the IMAP, SMTP, LMTP, ManageSieve, POP3 and TLS docs + - Improve Scala compilation caching and build config (#2967) + - Upgrade Testcontainers core to 2.0.2 + - JAMES-4161 Add Mockito as a javaagent + - Split `IMAPServerTest` into focused test classes + - Isolate JMAP contract tests using different users, improving test stability + - ADR-75 Deleted Message Vault (#2890) + ## [Unreleased 3.9.x] No changes yet. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
