+pmg-api (8.1.0) bookworm; urgency=medium
+
+ * fix #5189: cluster: avoid sync errors for statistics and quarantine due to
+ existing data on fresh nodes, which can happen, for example, when
+ restoring a backup.
+
+ * pmgdb dump:
+ - print the type of an object to better differentiate, e.g., an domain
+ entry from a regex entry with the same value.
+ - better highlight active rules over inactive ones
+ - drop "found" prefixes for each rule and group as that conveyed little
+ information, still clutters the output.
+ - add `active` CLI options to control if only active rules should be
+ printed
+
+ * quarantine: sort the per-user want- and block-lists entries when saving
+ them to the DB
+
+ * postfix template: update to current default setting (name) for the SMTP
+ Smuggling vulnerability in postfix version 3.7.10 and newer.
+
+ * api: tracking center: drop timezone offset as new log-tracker does time
+ calculations directly in UTC
+
+ * fix #2971: DKIM: Add a setting to specify whether to use the from-header
+ for signing instead of the current default envelope-from-address.
+
+ * api: node status: return structured info about current kernel
+
+ * api: node status: return info about current boot mode
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 26 Feb 2024 20:26:57 +0100
+
+pmg-api (8.0.12) bookworm; urgency=medium
+
+ * fix #4818: utils: don't require minimum length for username
+
+ * fix #4811: rule db: test regex validity on submit
+
+ * system report: add content of /etc/pmg/dkim/domains
+
+ * rule cache: reorganize how we gather marks and spaminfo and unnecessary
+ copying of marks
+
+ * smtp-filter: log pre-fork worker settings on start-up
+
+ * config: rework heurisitic for calculating the maximzm smtp-filter process
+ workers to better reflect modern setups w.r.t. total system memory
+
+ * add objectgroup and rule attributes for 'and' and 'invert' logical
+ operators
+
+ * rule cache: implement 'and' and 'invert' for the 'when', 'from', 'to' and
+ what objects
+
+ * pmg-smtp-filter: rename proxtest.com to pmg.example in demo code paths to
+ avoid potential name squatting
+
+ * database: use foreign keys for rule and object group attributes
+
+ * fix #4392: keep empty user blocklist and wantlist in the database to
+ ensure they get synced correctly to other nodes
+
+ * templates: postfix: set same timeouts for before and after-queue (10
+ minutes)
+
+ * config: postfix: make smtp-filter-timeout configurable
+
+ * fix #2606: ruledb disclaimer: add ability to set position to start or end
+
+ * fix #2430: ruledb disclaimer: make adding the separator configurable
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 22 Feb 2024 17:26:12 +0100
+
+pmg-api (8.0.11) bookworm; urgency=medium
+
+ * fix invalid whitespaces in master.cf template introduced in 8.0.10
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 02 Jan 2024 12:53:36 +0100
+
+pmg-api (8.0.10) bookworm; urgency=medium
+
+ * address smtp-smuggling vulnerability (CVE-2023-51764) with the fix
+ recommended by postfix upstream by disallowing bare linefeeds, except from
+ internal sources, requires postfix version 3.7.9-0+deb12u1 to take effect
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 02 Jan 2024 11:51:22 +0100
+
+pmg-api (8.0.9) bookworm; urgency=medium
+
+ * implement "SMTP-smuggling" mitigation for external port - see
+ https://www.postfix.org/smtp-smuggling.html for details
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 22 Dec 2023 11:16:42 +0100
+
+pmg-api (8.0.8) bookworm; urgency=medium
+
+ * fix #4944: api/pbs remote: Add a port config
+
+ * user quarantine: use raw pmail for ticket assembly
+
+ * reduce the logging level of certain messages
+
+ * apt: use `apt changelog` for changelog fetching
+
+ * api/cli: acme: add eab parameters
+
+ * api: acme: deprecate tos endpoint in favor of new meta endpoint
+ * api: quarantine: include descriptions for KAM rules in the spaminfo
+
+ * pmg7to8: Add check for dkms modules
+
+ * pmg7to8: check for proper grub meta-package for bootmode
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 20 Dec 2023 10:58:29 +0100
+
+pmg-api (8.0.7) bookworm; urgency=medium
+
+ * handle pve-kernel -> proxmox-kernel rename
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 01 Aug 2023 11:53:07 +0200
+
+pmg-api (8.0.6) bookworm; urgency=medium
+
+ * cluster: fingerprint parsing: adapt to changed openssl output
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 25 Jul 2023 11:32:42 +0200
+
+pmg-api (8.0.5) bookworm; urgency=medium
+
+ * cluster config: restrict slurp scope to avoid issue parsing network
+ interfaces
+
+ * pmg7to8: notify about unmodified templates
+
+ * system report: skip irrelevant files in /etc/pmg/templates
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 11 Jul 2023 17:53:49 +0200
+
+pmg-api (8.0.4) bookworm; urgency=medium
+
+ * fix #4815: pmgsh: fix calling the api paths directly
+
+ * statistics: fix syntax of SQL query for virus info counter update
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 03 Jul 2023 12:42:23 +0200
+
+pmg-api (8.0.3) bookworm; urgency=medium
+
+ * pmgpolicy, pmg-smtp-filter: set sensible PATH to ensure that standard
+ system binaries can be executed even if just their base name is used.
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 28 Jun 2023 17:42:32 +0200
+
+pmg-api (8.0.2) bookworm; urgency=medium
+
+ * make section match more precise when hard-coding 'use_bayes' & 'use_awl'
+ properties
+
+ * tell the systemd debhelper to not stop the no-start services on upgrade,
+ avoiding noisy warnings for those with an associated timer and also that
+ any currently running operation of those services gets aborted
+
+ * enable TFA lockout, for the relatively low-entropy TOTP type after 8
+ consecutive tries, for all other types after 1000 consecutive tries, as
+ they have much higher entropy
+
+ * include tfa lock status in user list and add user tfa-unlock endpoint
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 28 Jun 2023 11:12:57 +0200
+
+pmg-api (8.0.1) bookworm; urgency=medium
+
+ * include version metadata again in statically generated pmgcfg module again
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 28 Jun 2023 08:04:50 +0200
+
+pmg-api (8.0.0) bookworm; urgency=medium
+
+ * d/postinst: remove re-generation of unique machine-ID for old ISOs
+
+ * cluster: adapt invocation of rsync for the version in Debian 12 Bookworm
+
+ * postgresql compat: cast results explicitly to integer to cope with
+ PostgreSQL 15 changes where UNIX epochs are returned as float
+
+ * auth: set PAM context to 'proxmox-mailgateway-auth' and set the rhost to
+ the IP address the users connects with, allowing one to limit PAM login to
+ certain networks.
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 27 Jun 2023 18:20:30 +0200
+
+pmg-api (8.0.0~1) bookworm; urgency=medium
+
+ * re-build for Proxmox Mail Gateway 8 based on Debian 12 Bookworm
+
+ * update postgresql dependency to 15
+
+ * postgresql.conf template: drop 'stats_temp_directory' config-setting as it
+ was deprecated by upstream PostgreSQL 14 and removed with 15.
+
+ * explicitly depend on rsyslog for the tracking center, as rsyslog doesn't
+ gets installed by default in Debian 12 Bookworm anymore
+
+ * config: disable awl and bayes by default
+
+ * config: disable advanced statistic filters by default
+
+ * debian/postinst: hard code old default values for 'advfilter',
+ 'use_bayes' & 'use_awl' during upgrade to 8.0.0
+
+ * grant 'root' and 'www-data' users respective permissions on public schema
+ for newly created databases
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 26 Jun 2023 17:43:06 +0200
+
+pmg-api (7.3-4) bullseye; urgency=medium
+
+ * ruledb: match field: improve validation of regular expressions on addition,
+ warn for existing invalid ones.
+
+ * d/maintscripts: prevent aborting on errors in some commands
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jun 2023 10:30:31 +0200
+
+pmg-api (7.3-3) bullseye; urgency=medium
+
+ * config schema: document postfix option for smtputf8 flag
+
+ * quarantine: delete Delivered-To and Return-Path when reinjecting mails,
+ fixing a (unpublished) regression with postfix's forwarding loop detection
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 28 Mar 2023 07:42:19 +0200
+
+pmg-api (7.3-2) bullseye; urgency=medium
+
+ * config schema: extend documentation for options
+
+ * templates: adapt to new path for KAM rules in proxmox-spamassassin
+
+ * report: add `date -R` to general system info section
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 27 Mar 2023 12:59:53 +0200
+
+pmg-api (7.3-1) bullseye; urgency=medium
+
+ * proxy: initialize the theme variable with an empty string
+
+ * smtputf8: keep smtputf8 from incoming postfix, detect for local mail
+
+ * config: make smtputf8 configurable through the API
+
+ * reinject mail: improve error logging
+
+ * quarantine: reuse the reinject local mail helper to profit from some of
+ it's recent improvements like IPv6 or DSN.
+
+ * api: quarantine: decode addresses before delivery/userlisting
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 17:29:01 +0100
+
+pmg-api (7.2-5) bullseye; urgency=medium
+
+ * fix #4536: parse original filenames from gzip files
+
+ * proxy: add support for switching themes
+
+ * ruledb: spam: adapt to spamassassin 4.0.0
+
+ * templates: sync spamassassin templates with 4.0.0 upstream
+
+ * templates: enable DecodeShortUrls for SpamAssassin 4.0.0
+
+ * templates: enable DMARC plugin in v400.pre.in
+
+ * fix #2437: config: Add new tls_inbound_domains postfix map and add API
+ endpoint for managing entries
+
+ * config: warn on parse errors for tls related config files
+
+ * fix #4521: api/tasks: replace upid as filename for task log downloads
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 21 Mar 2023 12:59:25 +0100
+
+pmg-api (7.2-4) bullseye; urgency=medium
+
+ * fix #4410: Remove non-null host bits from CIDR when writing postfix
+ config
+
+ * utils: skip checking headers for non-ascii characters as stop gap to avoid
+ breaking mail flow of a few setups that have smtputf8 disabled in their
+ postfix config (e.g., because their downstream servers do not support this)
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 25 Jan 2023 11:01:14 +0100
+
+pmg-api (7.2-3) bullseye; urgency=medium
+
+ * keep directories in /etc/pmg for inotify when restoring from backup
+
+ * rulecache: sort rules additionally by id
+
+ * fix mailflow if smtputf8 is disabled
+
+ * pmgdb dump: encode ruledata before printing
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 27 Dec 2022 11:17:13 +0100
+
+pmg-api (7.2-2) bullseye; urgency=medium
+
+ * d/control: depend directly on libproxmox-acme-plugins
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 30 Nov 2022 10:46:04 +0100
+
+pmg-api (7.2-1) bullseye; urgency=medium
+
+ * queue administration: try to decode utf8
+
+ * make tasklog downloadable in the PMG backend
+
+ * user accesslists: reword logging and hits for newer SA rule sets
+
+ * user-bl: use custom description of USER_IN_BLOCKLIST consistently
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2022 15:48:26 +0100
+
+pmg-api (7.1-11) bullseye; urgency=medium
+
+ * fix #3287: add `pmail` parameter to virus and attachment quarantine list to
+ allow one to filter for a specific mail
+
+ * fix #2541 ruledb: encode relevant values as utf-8 in database
+
+ * fix #2465: handle smtputf8 addresses in all but who-objects of the
+ rule-system
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 24 Nov 2022 16:43:19 +0100
+
+pmg-api (7.1-10) bullseye; urgency=medium
+
+ * fix #4006: do not split from header on ', ' for spamreport mails
+
+ * ruledb: modfield: properly handle fields spanning multiple lines
+
+ * ruledb: add deprecation warnings for unused `ReportSpam`, `Attach` and
+ `Counter` actions
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 16 Nov 2022 09:03:52 +0100
+
+pmg-api (7.1-9) bullseye; urgency=medium
+
+ * api: quarantine: allow 'list attachments' endpoint for quarantine users,
+ they can see them in the raw email display already anyway
+
+ * api: quarantine: add 'content-disposition' field to response of 'list
+ attachments' API
+
+ * ruledb: modfield: properly encode field after variable substitution
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 11 Nov 2022 13:48:23 +0100
+
+pmg-api (7.1-8) bullseye; urgency=medium
+
+ * api: apt versions: track proxmox-offline-mirror-helper
+
+ * fix #4269: rule cache: from match: cope with undefined IP
+
+ * rule database: notify: properly en-/decode the mail subject to avoid issues
+ with non-ascii characters, like for example, the reported chinese
+ characters.
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 28 Oct 2022 11:42:15 +0200
+
+pmg-api (7.1-7) bullseye; urgency=medium
+
+ * d/control: recommend proxmox-offline-mirror-helper
+
+ * d/postinst: migrate/update APT auth config
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 14 Sep 2022 13:17:58 +0200
+
+pmg-api (7.1-6) bullseye; urgency=medium
+
+ * subscription: handle missing subscription info
+
+ * fix #3915: remove obsolete /etc/apt/apt.conf.d/75pmgconf
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 08 Sep 2022 15:04:49 +0200
+
+pmg-api (7.1-5) bullseye; urgency=medium
+
+ * add 'allow-subdomains' to webauthn schema
+
+ * subscription: switch to rust, add offline key support
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 6 Sep 2022 10:35:09 +0200
+
+pmg-api (7.1-4) bullseye; urgency=medium
+
+ * rulesystem: matchfield: match all headers not only the first
+
+ * config: avoid adding a specific IPs or networks multiple times to
+ the template variables
+
+ * api: quarantine: load custom rules description so that they show up
+ in the GUI too
+
+ * pmg-daily: avoid short-circuting update of local channels
+
+ * api: apt: switch to common Proxmox::RS::APT::Repositories package
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 13 Jul 2022 11:15:00 +0200
+
+pmg-api (7.1-3) bullseye; urgency=medium
+
+ * fix duplicate 'x-ms-dos-executable' in default 'Dangerous Content' object
+
+ * daily update timer: start already on 01:00 to avoid dst change issue
+
+ * fix #3924: ldap: accept only valid email-address
+
+ * Proxmox Backup Server integration: namespace support
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 16 May 2022 12:20:42 +0200
+
+pmg-api (7.1-2) bullseye; urgency=medium
+
+ * fix #3758: allow empty `to` in noqueue case
+
+ * postfix queue: add 'decode-headers' option for read endpoint
+
+ * http server: pass TLS 1.3 ciphersuites and disable-TLS-1.2/1.3 options if
+ set
+
+ * utils: change working directory to root before executing postgres admin
+ commands, to avoid that restrictions of the current CWD from the user
+ doesn't cause failing the command.
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 03 Feb 2022 11:37:51 +0100
+
+pmg-api (7.1-1) bullseye; urgency=medium
+
+ * rulesystem: limit linelength of disclaimer to 998 bytes
+
+ * fix #3734: scrub CSS 'url' from style tags/attributes if view-images is
+ disabled for the quarantine
+
+ * fix #2795: add support for Delivery Status Notification (DSN)
+
+ * add support for two factor authentication with TOTP, recovery codes and
+ WebAuthn to the admin interface
+
+ -- Proxmox Support Team <support@proxmox.com> Sun, 28 Nov 2021 21:04:58 +0100
+
+pmg-api (7.0-9) bullseye; urgency=medium
+
+ * fix #2071: RuleDB: ignore duplicate entries for Who objects
+
+ * api: ldap config: sync with the complete config
+
+ * fix #3712: strip any trailing dot from the search-domain when passing it to
+ postifx
+
+ * api: journal: stream the journal data to the client
+
+ * api-daemons: make systemd restart them on-failure
+
+ * api-dameons: set oom-policy to `continue` so that a single (replacable)
+ worker getting OOM-killed does not bring down the whole service
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 24 Nov 2021 19:13:29 +0100
+
+pmg-api (7.0-8) bullseye; urgency=medium
+
+ * api: apt: repos: avoid creating implicit default for enabled
+
+ * api: apt: use pmg-style permission for endpoint schema to allow access to
+ admins that aren't root@pam
+
+ * prefer more flexible get_local_ip where possible, it still prefers the
+ resolved hostname but falls back to configured or active IPs. Especially
+ useful for evaluation and initial (CT template) setups.
+
+ * pmgbanner: retry getting local IP for a bit in case of failure, this should
+ be only relevant for evaluation and initial setups where the hostname may
+ not yet resolve to the primary IP address.
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 20 Sep 2021 08:17:18 +0200
+
+pmg-api (7.0-7) bullseye; urgency=medium
+
+ * pmgversion: do not show packages with residual config as being in an error
+ installation state
+
+ * api: apt versions: add ifupdown(2), libproxmox-acme-* and pmg-i18n to
+ packages included in the version report.
+
+ * api: implement live network reload with ifupdown2
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 19 Jul 2021 09:04:25 +0200
+
+pmg-api (7.0-6) bullseye; urgency=medium
+
+ * fix cluster join when large ssh-rsa keys are setup
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 14 Jul 2021 17:54:03 +0200
+
+pmg-api (7.0-5) bullseye; urgency=medium
+
+ * d/control: recommend ifupdown2 and suggest zfsutils-linux
+
+ * switch enterprise repository over to bullseye
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 14 Jul 2021 11:58:48 +0200
+
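Review bot: The 8.1.0 postfix template entry ("update to current default setting (name) for the SMTP Smuggling vulnerability") does not say which setting name is meant or which template file changed, unlike the 8.0.10 entry, which cites CVE-2023-51764 and the required postfix version. Please name the parameter and the template so that admins carrying modified templates know what to merge. The two entries also give different postfix versions (3.7.10 and newer here, 3.7.9-0+deb12u1 in 8.0.10), and a word on how they relate would help. Smaller points in the same hunk: the 8.0.8 stanza lacks the blank line between the "api: acme: deprecate tos endpoint" and "api: quarantine: include descriptions for KAM rules" items; the 8.0.1 entry repeats "again"; and there are typos at "heurisitic" and "maximzm" (8.0.12), "an domain" (8.1.0), "doesn't gets" (8.0.0~1), "it's recent improvements" (7.3-1), "short-circuting" (7.1-4), and "postifx", "api-dameons" and "replacable" (7.0-9).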