alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 10 Actions Activity

chore(deps): update stalwartlabs to v0.16.0 #6109

Open
renovate-bot wants to merge 1 commits from renovate/unified-stalwartlabs into main
pull from: renovate/unified-stalwartlabs
merge into: alexlebens:main
Conversation 0 Commits 1 Files Changed 2 +2 -2
renovate-bot commented 2026-04-20 20:21:10 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/stalwartlabs/stalwart minor v0.15.5v0.16.0
stalwartlabs/mail-server minor 0.15.50.16.0

Release Notes

stalwartlabs/stalwart (ghcr.io/stalwartlabs/stalwart)

v0.16.0

Compare Source

[0.16.0] - 2026-04-20

This version includes multiple breaking changes. If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

  • Web UI rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes.
  • CLI rewritten from the ground up to use the JMAP management API.
  • Security enhancements:
    • Password strength enforcement using the zxcvbn algorithm
    • Password expiration, rotation policies and IP address restrictions for user accounts
    • App Passwords with limited access (#​1609), labels (#​2255), IP address restrictions and expiration dates
    • API keys with limited access, labels, IP address restrictions and expiration dates
    • Auto-ban comments and details about the triggering event (#​1321)
    • Auto-ban expiration after a configurable time period (#​964)
  • DNS Management:
  • DKIM:
    • Automatic DKIM key generation, rotation and DNS management (#​368 #​961)
    • Store DKIM keys in the database (#​1264)
    • Ignore insecure signatures when verifying DKIM (#​1068 #​467)
  • ACME/TLS:
  • OIDC and OAuth:
    • JWT token validation without requesting userinfo from the OIDC provider.
    • Audience (aud) claim (#​2603) and scope validation support.
    • Groups support (#​1448)
    • RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
  • LDAP:
  • Directory:
    • Masked email addresses for enhanced privacy (Enterprise)
    • Domain aliases (#​583)
    • E-mail alias descriptions and option to disable aliases (#​506)
    • Account archiving and un-deletion (#​2767) (Enterprise)
    • Per-domain directory backends (Enterprise)
  • Account configuration and discovery:
  • Sieve: Allow deactivating scripts without deleting them (#​1251).
  • Tracing: Enable events only mode (#​2276)
  • Clustering:
    • Automatic cluster node ID generation and management.
    • Unified cluster management (#​960)
    • Outbound MTA role (#​1692)

Changed

  • Replaced REST API with JMAP API (#​2262 #​959 #​1480)
  • Removed support for Authenticated Received Chain (ARC) sealing (learn more).
  • Directory: Removed smtp, imap and memory directory backends.
  • Use aws-lc for cryptographic operations instead of ring.
  • Use rustls-platform-verifier for TLS certificate verification instead of webpki (#​247).

Fixed

  • Directory:
    • Cannot remove built-in "admin" role from user once it was assigned (#​1467)
    • Delete associated records (#​963)
    • Updated Role permissions not applied (#​2038)
    • Recreated account cannot log in until server is restarted (#​1469)
    • Subaddressing does not work for groups (#​475)
    • New LDAP aliases are rejected (#​1318).
    • Validate account and group names (#​2209)
  • MTA:
    • RCPT TO stage settings improvements (#​2217 #​394)
    • Relay to IP addresses (#​838)
    • Duplicate delivery inverted check
    • SASL challenge responses include invalid Go ahead text
  • JMAP:
    • Fix inMailboxOtherThan query logic.
    • Fix hasAttachment search field (#​2778)
  • IMAP:
    • Increment argument max length to 8000 bytes
    • ACL: Add RIGHTS capability (#​2762)
    • ACL: Fix ACL SET permission override.
  • WebDAV:
    • Return 304 NOT_MODIFIED on If-None-Match
    • Use RFC 2616 instead of RFC 1123 for date formatting
    • Fix ACL container/item mismatch in reports.
    • CalDAV: Allow organized properties to be present in PUT requests if they are equal to the existing ones.
    • CalDAV: Enforce cumulative iCalendar instances cap in CalDAV free-busy REPORT handler
  • Configuration: Prefix parsing issues (#​2495)
  • OIDC: JWKS Exposes Symmetric Signing Key
  • SQLite: Fix thread pool exhaustion.
  • PostgreSQL: Use clean recycling method on connection pool
  • Meilisearch: Make id sorteable.
  • ACME: Fix wrong origin for subdomain updates (#​2360)
  • Spam filter: Skip invalid messages during training.
  • Calendar: Include minutes in localized invite templates (#​2828)
  • HTTP: Fix 204 CORS preflight responses
Check binary attestation here
stalwartlabs/mail-server (stalwartlabs/mail-server)

v0.16.0

Compare Source

[0.16.0] - 2026-04-20

This version includes multiple breaking changes. If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

  • Web UI rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes.
  • CLI rewritten from the ground up to use the JMAP management API.
  • Security enhancements:
    • Password strength enforcement using the zxcvbn algorithm
    • Password expiration, rotation policies and IP address restrictions for user accounts
    • App Passwords with limited access (#​1609), labels (#​2255), IP address restrictions and expiration dates
    • API keys with limited access, labels, IP address restrictions and expiration dates
    • Auto-ban comments and details about the triggering event (#​1321)
    • Auto-ban expiration after a configurable time period (#​964)
  • DNS Management:
  • DKIM:
    • Automatic DKIM key generation, rotation and DNS management (#​368 #​961)
    • Store DKIM keys in the database (#​1264)
    • Ignore insecure signatures when verifying DKIM (#​1068 #​467)
  • ACME/TLS:
  • OIDC and OAuth:
    • JWT token validation without requesting userinfo from the OIDC provider.
    • Audience (aud) claim (#​2603) and scope validation support.
    • Groups support (#​1448)
    • RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
  • LDAP:
  • Directory:
    • Masked email addresses for enhanced privacy (Enterprise)
    • Domain aliases (#​583)
    • E-mail alias descriptions and option to disable aliases (#​506)
    • Account archiving and un-deletion (#​2767) (Enterprise)
    • Per-domain directory backends (Enterprise)
  • Account configuration and discovery:
  • Sieve: Allow deactivating scripts without deleting them (#​1251).
  • Tracing: Enable events only mode (#​2276)
  • Clustering:
    • Automatic cluster node ID generation and management.
    • Unified cluster management (#​960)
    • Outbound MTA role (#​1692)

Changed

  • Replaced REST API with JMAP API (#​2262 #​959 #​1480)
  • Removed support for Authenticated Received Chain (ARC) sealing (learn more).
  • Directory: Removed smtp, imap and memory directory backends.
  • Use aws-lc for cryptographic operations instead of ring.
  • Use rustls-platform-verifier for TLS certificate verification instead of webpki (#​247).

Fixed

  • Directory:
    • Cannot remove built-in "admin" role from user once it was assigned (#​1467)
    • Delete associated records (#​963)
    • Updated Role permissions not applied (#​2038)
    • Recreated account cannot log in until server is restarted (#​1469)
    • Subaddressing does not work for groups (#​475)
    • New LDAP aliases are rejected (#​1318).
    • Validate account and group names (#​2209)
  • MTA:
    • RCPT TO stage settings improvements (#​2217 #​394)
    • Relay to IP addresses (#​838)
    • Duplicate delivery inverted check
    • SASL challenge responses include invalid Go ahead text
  • JMAP:
    • Fix inMailboxOtherThan query logic.
    • Fix hasAttachment search field (#​2778)
  • IMAP:
    • Increment argument max length to 8000 bytes
    • ACL: Add RIGHTS capability (#​2762)
    • ACL: Fix ACL SET permission override.
  • WebDAV:
    • Return 304 NOT_MODIFIED on If-None-Match
    • Use RFC 2616 instead of RFC 1123 for date formatting
    • Fix ACL container/item mismatch in reports.
    • CalDAV: Allow organized properties to be present in PUT requests if they are equal to the existing ones.
    • CalDAV: Enforce cumulative iCalendar instances cap in CalDAV free-busy REPORT handler
  • Configuration: Prefix parsing issues (#​2495)
  • OIDC: JWKS Exposes Symmetric Signing Key
  • SQLite: Fix thread pool exhaustion.
  • PostgreSQL: Use clean recycling method on connection pool
  • Meilisearch: Make id sorteable.
  • ACME: Fix wrong origin for subdomain updates (#​2360)
  • Spam filter: Skip invalid messages during training.
  • Calendar: Include minutes in localized invite templates (#​2828)
  • HTTP: Fix 204 CORS preflight responses
Check binary attestation here

Configuration

📅 Schedule: (in timezone America/Chicago)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/stalwartlabs/stalwart](https://github.com/stalwartlabs/stalwart) | minor | `v0.15.5` → `v0.16.0` | | [stalwartlabs/mail-server](https://github.com/stalwartlabs/mail-server) | minor | `0.15.5` → `0.16.0` | --- ### Release Notes <details> <summary>stalwartlabs/stalwart (ghcr.io/stalwartlabs/stalwart)</summary> ### [`v0.16.0`](https://github.com/stalwartlabs/stalwart/releases/tag/v0.16.0) [Compare Source](https://github.com/stalwartlabs/stalwart/compare/v0.15.5...v0.16.0) #### \[0.16.0] - 2026-04-20 This version includes **multiple breaking changes**. If you are upgrading from v0.15.x and below, please read the [upgrading documentation](https://github.com/stalwartlabs/stalwart/blob/main/UPGRADING/v0_16.md) for more information on how to upgrade from previous versions. #### Added - [Web UI](https://github.com/stalwartlabs/webui) rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes. - [CLI](https://github.com/stalwartlabs/cli) rewritten from the ground up to use the JMAP management API. - Security enhancements: - Password strength enforcement using the `zxcvbn` algorithm - Password expiration, rotation policies and IP address restrictions for user accounts - App Passwords with limited access ([#&#8203;1609](https://github.com/stalwartlabs/stalwart/issues/1609)), labels ([#&#8203;2255](https://github.com/stalwartlabs/stalwart/issues/2255)), IP address restrictions and expiration dates - API keys with limited access, labels, IP address restrictions and expiration dates - Auto-ban comments and details about the triggering event ([#&#8203;1321](https://github.com/stalwartlabs/stalwart/issues/1321)) - Auto-ban expiration after a configurable time period ([#&#8203;964](https://github.com/stalwartlabs/stalwart/issues/964)) - DNS Management: - Automatic DNS management of `MX`, `TXT`, `CNAME`, `SRV`, `CAA` and `TLSA` records ([#&#8203;463](https://github.com/stalwartlabs/stalwart/issues/463) [#&#8203;1017](https://github.com/stalwartlabs/stalwart/issues/1017) [#&#8203;1419](https://github.com/stalwartlabs/stalwart/issues/1419) [#&#8203;2438](https://github.com/stalwartlabs/stalwart/issues/2438) [#&#8203;1370](https://github.com/stalwartlabs/stalwart/issues/1370) [#&#8203;1406](https://github.com/stalwartlabs/stalwart/issues/1406) [#&#8203;1371](https://github.com/stalwartlabs/stalwart/issues/1371)) - Automatic update of `TLSA` records when ACME certificates change ([#&#8203;1664](https://github.com/stalwartlabs/stalwart/issues/1664)) - RFC2136 `SIG(0)` support ([#&#8203;856](https://github.com/stalwartlabs/stalwart/issues/856)) - Route53 provider support (contributed by [@&#8203;jimmystewpot](https://github.com/jimmystewpot)) - Google Cloud DNS provider support (contributed by [@&#8203;jimmystewpot](https://github.com/jimmystewpot)) - Bunny provider support (contributed by [@&#8203;angeloanan](https://github.com/angeloanan)) - Porkbun provider support (contributed by [@&#8203;jeffesquivels](https://github.com/jeffesquivels)) - DNSimple provider support (contributed by [@&#8203;NelsonVides](https://github.com/NelsonVides)) - Spaceship provider support (contributed by [@&#8203;matserix](https://github.com/matserix)) - DKIM: - Automatic DKIM key generation, rotation and DNS management ([#&#8203;368](https://github.com/stalwartlabs/stalwart/issues/368) [#&#8203;961](https://github.com/stalwartlabs/stalwart/issues/961)) - Store DKIM keys in the database ([#&#8203;1264](https://github.com/stalwartlabs/stalwart/issues/1264)) - Ignore insecure signatures when verifying DKIM ([#&#8203;1068](https://github.com/stalwartlabs/stalwart/issues/1068) [#&#8203;467](https://github.com/stalwartlabs/stalwart/issues/467)) - ACME/TLS: - `DNS-PERSIST-01` ACME challenge support ([#&#8203;2837](https://github.com/stalwartlabs/stalwart/issues/2837)) - Renew certificates on demand, view certificate details ([#&#8203;675](https://github.com/stalwartlabs/stalwart/issues/675) [#&#8203;1162](https://github.com/stalwartlabs/stalwart/issues/1162) [#&#8203;2566](https://github.com/stalwartlabs/stalwart/issues/2566)) - `CAA` record support ([#&#8203;468](https://github.com/stalwartlabs/stalwart/issues/468)) with `accounturi` parameter ([#&#8203;1933](https://github.com/stalwartlabs/stalwart/issues/1933)) - `TLSA` records publishing restricted to `3 1 1` and `2 1 1` ([#&#8203;2193](https://github.com/stalwartlabs/stalwart/issues/2193)) - OIDC and OAuth: - JWT token validation without requesting userinfo from the OIDC provider. - Audience (`aud`) claim ([#&#8203;2603](https://github.com/stalwartlabs/stalwart/issues/2603)) and scope validation support. - Groups support ([#&#8203;1448](https://github.com/stalwartlabs/stalwart/issues/1448)) - RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients - LDAP: - Separate filter for groups ([#&#8203;1841](https://github.com/stalwartlabs/stalwart/issues/1841)) - Improve support for OpenLDAP schemas ([#&#8203;760](https://github.com/stalwartlabs/stalwart/issues/760)) - Improve and simplify LDAP settings ([#&#8203;2194](https://github.com/stalwartlabs/stalwart/issues/2194) [#&#8203;2174](https://github.com/stalwartlabs/stalwart/issues/2174)) - Directory: - Masked email addresses for enhanced privacy (*Enterprise*) - Domain aliases ([#&#8203;583](https://github.com/stalwartlabs/stalwart/issues/583)) - E-mail alias descriptions and option to disable aliases ([#&#8203;506](https://github.com/stalwartlabs/stalwart/issues/506)) - Account archiving and un-deletion ([#&#8203;2767](https://github.com/stalwartlabs/stalwart/issues/2767)) (*Enterprise*) - Per-domain directory backends (*Enterprise*) - Account configuration and discovery: - Automatic Configuration of Email, Calendar, and Contact Server Settings ([draft-mailmaint-uaautoconf-04](https://datatracker.ietf.org/doc/html/draft-eggert-mailmaint-uaautoconf-04)) ([#&#8203;2201](https://github.com/stalwartlabs/stalwart/issues/2201)) - MS Autodiscover V2 support ([#&#8203;679](https://github.com/stalwartlabs/stalwart/issues/679)) - Sieve: Allow deactivating scripts without deleting them ([#&#8203;1251](https://github.com/stalwartlabs/stalwart/issues/1251)). - Tracing: Enable events only mode ([#&#8203;2276](https://github.com/stalwartlabs/stalwart/issues/2276)) - Clustering: - Automatic cluster node ID generation and management. - Unified cluster management ([#&#8203;960](https://github.com/stalwartlabs/stalwart/issues/960)) - Outbound MTA role ([#&#8203;1692](https://github.com/stalwartlabs/stalwart/issues/1692)) #### Changed - Replaced REST API with JMAP API ([#&#8203;2262](https://github.com/stalwartlabs/stalwart/issues/2262) [#&#8203;959](https://github.com/stalwartlabs/stalwart/issues/959) [#&#8203;1480](https://github.com/stalwartlabs/stalwart/issues/1480)) - Removed support for Authenticated Received Chain (ARC) sealing ([learn more](https://mailarchive.ietf.org/arch/msg/dmarc/KvX3-H1SL0Gh3IDl7FuR2hoR87M/)). - Directory: Removed `smtp`, `imap` and `memory` directory backends. - Use `aws-lc` for cryptographic operations instead of `ring`. - Use `rustls-platform-verifier` for TLS certificate verification instead of `webpki` ([#&#8203;247](https://github.com/stalwartlabs/stalwart/issues/247)). #### Fixed - Directory: - Cannot remove built-in "admin" role from user once it was assigned ([#&#8203;1467](https://github.com/stalwartlabs/stalwart/issues/1467)) - Delete associated records ([#&#8203;963](https://github.com/stalwartlabs/stalwart/issues/963)) - Updated Role permissions not applied ([#&#8203;2038](https://github.com/stalwartlabs/stalwart/issues/2038)) - Recreated account cannot log in until server is restarted ([#&#8203;1469](https://github.com/stalwartlabs/stalwart/issues/1469)) - Subaddressing does not work for groups ([#&#8203;475](https://github.com/stalwartlabs/stalwart/issues/475)) - New LDAP aliases are rejected ([#&#8203;1318](https://github.com/stalwartlabs/stalwart/issues/1318)). - Validate account and group names ([#&#8203;2209](https://github.com/stalwartlabs/stalwart/issues/2209)) - MTA: - RCPT TO stage settings improvements ([#&#8203;2217](https://github.com/stalwartlabs/stalwart/issues/2217) [#&#8203;394](https://github.com/stalwartlabs/stalwart/issues/394)) - Relay to IP addresses ([#&#8203;838](https://github.com/stalwartlabs/stalwart/issues/838)) - Duplicate delivery inverted check - SASL challenge responses include invalid `Go ahead` text - JMAP: - Fix `inMailboxOtherThan` query logic. - Fix `hasAttachment` search field ([#&#8203;2778](https://github.com/stalwartlabs/stalwart/issues/2778)) - IMAP: - Increment argument max length to `8000` bytes - ACL: Add `RIGHTS` capability ([#&#8203;2762](https://github.com/stalwartlabs/stalwart/issues/2762)) - ACL: Fix `ACL SET` permission override. - WebDAV: - Return `304` `NOT_MODIFIED` on `If-None-Match` - Use RFC 2616 instead of RFC 1123 for date formatting - Fix ACL container/item mismatch in reports. - CalDAV: Allow organized properties to be present in `PUT` requests if they are equal to the existing ones. - CalDAV: Enforce cumulative iCalendar instances cap in CalDAV free-busy REPORT handler - Configuration: Prefix parsing issues ([#&#8203;2495](https://github.com/stalwartlabs/stalwart/issues/2495)) - OIDC: JWKS Exposes Symmetric Signing Key - SQLite: Fix thread pool exhaustion. - PostgreSQL: Use clean recycling method on connection pool - Meilisearch: Make `id` sorteable. - ACME: Fix wrong origin for subdomain updates ([#&#8203;2360](https://github.com/stalwartlabs/stalwart/issues/2360)) - Spam filter: Skip invalid messages during training. - Calendar: Include minutes in localized invite templates ([#&#8203;2828](https://github.com/stalwartlabs/stalwart/issues/2828)) - HTTP: Fix `204` CORS preflight responses <hr /> ##### Check binary attestation [here](https://github.com/stalwartlabs/stalwart/attestations/25009869) </details> <details> <summary>stalwartlabs/mail-server (stalwartlabs/mail-server)</summary> ### [`v0.16.0`](https://github.com/stalwartlabs/stalwart/releases/tag/v0.16.0) [Compare Source](https://github.com/stalwartlabs/mail-server/compare/v0.15.5...v0.16.0) #### \[0.16.0] - 2026-04-20 This version includes **multiple breaking changes**. If you are upgrading from v0.15.x and below, please read the [upgrading documentation](https://github.com/stalwartlabs/stalwart/blob/main/UPGRADING/v0_16.md) for more information on how to upgrade from previous versions. #### Added - [Web UI](https://github.com/stalwartlabs/webui) rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes. - [CLI](https://github.com/stalwartlabs/cli) rewritten from the ground up to use the JMAP management API. - Security enhancements: - Password strength enforcement using the `zxcvbn` algorithm - Password expiration, rotation policies and IP address restrictions for user accounts - App Passwords with limited access ([#&#8203;1609](https://github.com/stalwartlabs/mail-server/issues/1609)), labels ([#&#8203;2255](https://github.com/stalwartlabs/mail-server/issues/2255)), IP address restrictions and expiration dates - API keys with limited access, labels, IP address restrictions and expiration dates - Auto-ban comments and details about the triggering event ([#&#8203;1321](https://github.com/stalwartlabs/mail-server/issues/1321)) - Auto-ban expiration after a configurable time period ([#&#8203;964](https://github.com/stalwartlabs/mail-server/issues/964)) - DNS Management: - Automatic DNS management of `MX`, `TXT`, `CNAME`, `SRV`, `CAA` and `TLSA` records ([#&#8203;463](https://github.com/stalwartlabs/mail-server/issues/463) [#&#8203;1017](https://github.com/stalwartlabs/mail-server/issues/1017) [#&#8203;1419](https://github.com/stalwartlabs/mail-server/issues/1419) [#&#8203;2438](https://github.com/stalwartlabs/mail-server/issues/2438) [#&#8203;1370](https://github.com/stalwartlabs/mail-server/issues/1370) [#&#8203;1406](https://github.com/stalwartlabs/mail-server/issues/1406) [#&#8203;1371](https://github.com/stalwartlabs/mail-server/issues/1371)) - Automatic update of `TLSA` records when ACME certificates change ([#&#8203;1664](https://github.com/stalwartlabs/mail-server/issues/1664)) - RFC2136 `SIG(0)` support ([#&#8203;856](https://github.com/stalwartlabs/mail-server/issues/856)) - Route53 provider support (contributed by [@&#8203;jimmystewpot](https://github.com/jimmystewpot)) - Google Cloud DNS provider support (contributed by [@&#8203;jimmystewpot](https://github.com/jimmystewpot)) - Bunny provider support (contributed by [@&#8203;angeloanan](https://github.com/angeloanan)) - Porkbun provider support (contributed by [@&#8203;jeffesquivels](https://github.com/jeffesquivels)) - DNSimple provider support (contributed by [@&#8203;NelsonVides](https://github.com/NelsonVides)) - Spaceship provider support (contributed by [@&#8203;matserix](https://github.com/matserix)) - DKIM: - Automatic DKIM key generation, rotation and DNS management ([#&#8203;368](https://github.com/stalwartlabs/mail-server/issues/368) [#&#8203;961](https://github.com/stalwartlabs/mail-server/issues/961)) - Store DKIM keys in the database ([#&#8203;1264](https://github.com/stalwartlabs/mail-server/issues/1264)) - Ignore insecure signatures when verifying DKIM ([#&#8203;1068](https://github.com/stalwartlabs/mail-server/issues/1068) [#&#8203;467](https://github.com/stalwartlabs/mail-server/issues/467)) - ACME/TLS: - `DNS-PERSIST-01` ACME challenge support ([#&#8203;2837](https://github.com/stalwartlabs/mail-server/issues/2837)) - Renew certificates on demand, view certificate details ([#&#8203;675](https://github.com/stalwartlabs/mail-server/issues/675) [#&#8203;1162](https://github.com/stalwartlabs/mail-server/issues/1162) [#&#8203;2566](https://github.com/stalwartlabs/mail-server/issues/2566)) - `CAA` record support ([#&#8203;468](https://github.com/stalwartlabs/mail-server/issues/468)) with `accounturi` parameter ([#&#8203;1933](https://github.com/stalwartlabs/mail-server/issues/1933)) - `TLSA` records publishing restricted to `3 1 1` and `2 1 1` ([#&#8203;2193](https://github.com/stalwartlabs/mail-server/issues/2193)) - OIDC and OAuth: - JWT token validation without requesting userinfo from the OIDC provider. - Audience (`aud`) claim ([#&#8203;2603](https://github.com/stalwartlabs/mail-server/issues/2603)) and scope validation support. - Groups support ([#&#8203;1448](https://github.com/stalwartlabs/mail-server/issues/1448)) - RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients - LDAP: - Separate filter for groups ([#&#8203;1841](https://github.com/stalwartlabs/mail-server/issues/1841)) - Improve support for OpenLDAP schemas ([#&#8203;760](https://github.com/stalwartlabs/mail-server/issues/760)) - Improve and simplify LDAP settings ([#&#8203;2194](https://github.com/stalwartlabs/mail-server/issues/2194) [#&#8203;2174](https://github.com/stalwartlabs/mail-server/issues/2174)) - Directory: - Masked email addresses for enhanced privacy (*Enterprise*) - Domain aliases ([#&#8203;583](https://github.com/stalwartlabs/mail-server/issues/583)) - E-mail alias descriptions and option to disable aliases ([#&#8203;506](https://github.com/stalwartlabs/mail-server/issues/506)) - Account archiving and un-deletion ([#&#8203;2767](https://github.com/stalwartlabs/mail-server/issues/2767)) (*Enterprise*) - Per-domain directory backends (*Enterprise*) - Account configuration and discovery: - Automatic Configuration of Email, Calendar, and Contact Server Settings ([draft-mailmaint-uaautoconf-04](https://datatracker.ietf.org/doc/html/draft-eggert-mailmaint-uaautoconf-04)) ([#&#8203;2201](https://github.com/stalwartlabs/mail-server/issues/2201)) - MS Autodiscover V2 support ([#&#8203;679](https://github.com/stalwartlabs/mail-server/issues/679)) - Sieve: Allow deactivating scripts without deleting them ([#&#8203;1251](https://github.com/stalwartlabs/mail-server/issues/1251)). - Tracing: Enable events only mode ([#&#8203;2276](https://github.com/stalwartlabs/mail-server/issues/2276)) - Clustering: - Automatic cluster node ID generation and management. - Unified cluster management ([#&#8203;960](https://github.com/stalwartlabs/mail-server/issues/960)) - Outbound MTA role ([#&#8203;1692](https://github.com/stalwartlabs/mail-server/issues/1692)) #### Changed - Replaced REST API with JMAP API ([#&#8203;2262](https://github.com/stalwartlabs/mail-server/issues/2262) [#&#8203;959](https://github.com/stalwartlabs/mail-server/issues/959) [#&#8203;1480](https://github.com/stalwartlabs/mail-server/issues/1480)) - Removed support for Authenticated Received Chain (ARC) sealing ([learn more](https://mailarchive.ietf.org/arch/msg/dmarc/KvX3-H1SL0Gh3IDl7FuR2hoR87M/)). - Directory: Removed `smtp`, `imap` and `memory` directory backends. - Use `aws-lc` for cryptographic operations instead of `ring`. - Use `rustls-platform-verifier` for TLS certificate verification instead of `webpki` ([#&#8203;247](https://github.com/stalwartlabs/mail-server/issues/247)). #### Fixed - Directory: - Cannot remove built-in "admin" role from user once it was assigned ([#&#8203;1467](https://github.com/stalwartlabs/mail-server/issues/1467)) - Delete associated records ([#&#8203;963](https://github.com/stalwartlabs/mail-server/issues/963)) - Updated Role permissions not applied ([#&#8203;2038](https://github.com/stalwartlabs/mail-server/issues/2038)) - Recreated account cannot log in until server is restarted ([#&#8203;1469](https://github.com/stalwartlabs/mail-server/issues/1469)) - Subaddressing does not work for groups ([#&#8203;475](https://github.com/stalwartlabs/mail-server/issues/475)) - New LDAP aliases are rejected ([#&#8203;1318](https://github.com/stalwartlabs/mail-server/issues/1318)). - Validate account and group names ([#&#8203;2209](https://github.com/stalwartlabs/mail-server/issues/2209)) - MTA: - RCPT TO stage settings improvements ([#&#8203;2217](https://github.com/stalwartlabs/mail-server/issues/2217) [#&#8203;394](https://github.com/stalwartlabs/mail-server/issues/394)) - Relay to IP addresses ([#&#8203;838](https://github.com/stalwartlabs/mail-server/issues/838)) - Duplicate delivery inverted check - SASL challenge responses include invalid `Go ahead` text - JMAP: - Fix `inMailboxOtherThan` query logic. - Fix `hasAttachment` search field ([#&#8203;2778](https://github.com/stalwartlabs/mail-server/issues/2778)) - IMAP: - Increment argument max length to `8000` bytes - ACL: Add `RIGHTS` capability ([#&#8203;2762](https://github.com/stalwartlabs/mail-server/issues/2762)) - ACL: Fix `ACL SET` permission override. - WebDAV: - Return `304` `NOT_MODIFIED` on `If-None-Match` - Use RFC 2616 instead of RFC 1123 for date formatting - Fix ACL container/item mismatch in reports. - CalDAV: Allow organized properties to be present in `PUT` requests if they are equal to the existing ones. - CalDAV: Enforce cumulative iCalendar instances cap in CalDAV free-busy REPORT handler - Configuration: Prefix parsing issues ([#&#8203;2495](https://github.com/stalwartlabs/mail-server/issues/2495)) - OIDC: JWKS Exposes Symmetric Signing Key - SQLite: Fix thread pool exhaustion. - PostgreSQL: Use clean recycling method on connection pool - Meilisearch: Make `id` sorteable. - ACME: Fix wrong origin for subdomain updates ([#&#8203;2360](https://github.com/stalwartlabs/mail-server/issues/2360)) - Spam filter: Skip invalid messages during training. - Calendar: Include minutes in localized invite templates ([#&#8203;2828](https://github.com/stalwartlabs/mail-server/issues/2828)) - HTTP: Fix `204` CORS preflight responses <hr /> ##### Check binary attestation [here](https://github.com/stalwartlabs/stalwart/attestations/25009869) </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzOS42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
renovate-bot added the docker label 2026-04-20 20:21:10 +00:00
renovate-bot added 1 commit 2026-04-22 21:08:40 +00:00
chore(deps): update stalwartlabs to v0.16.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 52s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
5a50e33fc4
renovate-bot force-pushed renovate/unified-stalwartlabs from 380eb29bb6 to 5a50e33fc4 2026-04-22 21:08:40 +00:00 Compare
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 52s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/unified-stalwartlabs:renovate/unified-stalwartlabs
git checkout renovate/unified-stalwartlabs
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 docker
Docker update generated by Renovate.
github-actions
Github Action update generated by Renovate.
helm
Helm update generated by Renovate.
image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label docker
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#6109
Delete Branch "renovate/unified-stalwartlabs"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?