Merge pull request #4882 from mailcow/staging

2022-11 Update

.github/FUNDING.yml

@@ -1 +1 @@
-custom: https://mailcow.github.io/mailcow-dockerized-docs/#help-mailcow
+custom: ["https://www.servercow.de/mailcow?lang=en#sal"]

.github/ISSUE_TEMPLATE/Bug_report.yml

@@ -7,8 +7,8 @@ body:
       label: Contribution guidelines
       description: Please read the contribution guidelines before proceeding.
       options:
-        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
-          required: true
+      - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+        required: true
   - type: checkboxes
     attributes:
       label: I've found a bug and checked that ...
@@ -26,70 +26,132 @@ body:
     attributes:
       label: Description
       description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Logs
-      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
-      render: bash
+      label: "Logs:"
+      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Steps to reproduce
-      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      render: text
       placeholder: |-
         1. ...
         2. ...
         3. ...
     validations:
       required: true
-  - type: textarea
+  - type: markdown
     attributes:
-      label: System information
-      description: In this stage we would kindly ask you to attach general system information about your setup.
-      value: |-
-             | Question | Answer |
-             | --- | --- |
-             | My operating system | I_DO_REPLY_HERE |
-             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-             | Virtualization technology (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-             | Docker version (`docker version`) | I_DO_REPLY_HERE |
-             | docker-compose version (`docker-compose version`) | I_DO_REPLY_HERE |
-             | mailcow version (```git describe --tags `git rev-list --tags --max-count=1` ```) | I_DO_REPLY_HERE |
-             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
-             iptables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             iptables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
+      value: |
+        ## System information
+        ### In this stage we would kindly ask you to attach general system information about your setup.
+  - type: dropdown
+    attributes:
+      label: "Which branch are you using?"
+      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      multiple: false
+      options:
+        - master
+        - nightly
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Operating System:"
+      placeholder: "e.g. Ubuntu 22.04 LTS"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Server/VM specifications:"
+      placeholder: "Memory, CPU Cores"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Is Apparmor, SELinux or similar active?"
+      placeholder: "yes/no"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Virtualization technology:"
+      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Docker version:"
+      description: "#### `docker version`"
+      placeholder: "20.10.21"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "docker-compose version or docker compose version:"
+      description: "#### `docker-compose version` or `docker compose version`"
+      placeholder: "v2.12.2"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "mailcow version:"
+      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Reverse proxy:"
+      placeholder: "e.g. Nginx/Traefik"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of git diff:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn:"
+      description: "#### Output of `iptables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn:"
+      description: "#### Output of `ip6tables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn -t nat:"
+      description: "#### Output of `iptables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn -t nat:"
+      description: "#### Output of `ip6tables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "DNS check:"
+      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
+      render: text
     validations:
       required: true

.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml

@@ -0,0 +1,13 @@
+## :memo:  Brief description
+<!-- Diff summary - START -->
+<!-- Diff summary - END -->
+
+
+## :computer:  Commits
+<!-- Diff commits - START -->
+<!-- Diff commits - END -->
+
+
+## :file_folder:  Modified files
+<!-- Diff files - START -->
+<!-- Diff files - END -->

.github/workflows/check_prs_if_on_staging.yml

@@ -0,0 +1,33 @@
+name: Check PRs if on staging
+on:
+    pull_request_target:
+      types: [opened, edited]
+permissions: {}
+
+jobs:
+  is_not_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
+    steps:
+      - name: Send message
+        uses: thollander/actions-comment-pull-request@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
+          message: |
+                   Thanks for contributing!
+
+                   I noticed that you didn't select `staging` as your base branch. Please change the base branch to `staging`.
+                   See the attached picture on how to change the base branch to `staging`:
+
+                   ![check_prs_if_on_staging.png](https://raw.githubusercontent.com/mailcow/mailcow-dockerized/master/.github/workflows/assets/check_prs_if_on_staging.png)
+
+      - name: Fail #we want to see failed checks in the PR
+        if: ${{ success() }} #set exit code to 1 even if commenting somehow failed
+        run: exit 1
+
+  is_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref == 'staging' #check if the target branch is staging
+    steps:
+      - name: Success
+        run: exit 0

.github/workflows/close_old_issues_and_prs.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v5.0.0
+        uses: actions/stale@v6.0.1
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60
@@ -30,6 +30,7 @@ jobs:
           stale-issue-label: "stale"
           stale-pr-label: "stale"
           exempt-draft-pr: "true"
+          close-issue-reason: "not_planned"
           operations-per-run: "250"
           ascending: "true"
           #DRY-RUN

.github/workflows/image_builds.yml

@@ -1,27 +1,31 @@
-name: Build Mailcow Docker Images
+name: Build mailcow Docker Images
 
 on:
   push:
     branches: [ "master", "staging" ]
   workflow_dispatch:
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   docker_image_builds:
     strategy:
       matrix:
-        images: ["acme-mailcow",
-                 "clamd-mailcow",
-                 "dockerapi-mailcow",
-                 "dovecot-mailcow",
-                 "netfilter-mailcow",
-                 "olefy-mailcow",
-                 "php-fpm-mailcow",
-                 "postfix-mailcow",
-                 "rspamd-mailcow",
-                 "sogo-mailcow",
-                 "solr-mailcow",
-                 "unbound-mailcow",
-                 "watchdog-mailcow"]
+        images:
+          - "acme-mailcow"
+          - "clamd-mailcow"
+          - "dockerapi-mailcow"
+          - "dovecot-mailcow"
+          - "netfilter-mailcow"
+          - "olefy-mailcow"
+          - "php-fpm-mailcow"
+          - "postfix-mailcow"
+          - "rspamd-mailcow"
+          - "sogo-mailcow"
+          - "solr-mailcow"
+          - "unbound-mailcow"
+          - "watchdog-mailcow"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

.github/workflows/integration_tests.yml

@@ -1,10 +1,13 @@
-name: Mailcow Integration Tests
+name: mailcow Integration Tests
 
 on:
   push:
     branches: [ "master", "staging" ]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   integration_tests:
     runs-on: ubuntu-latest

.github/workflows/pr_to_nightly.yml

@@ -0,0 +1,25 @@
+name: Create PR to merge to nightly from staging
+on:
+  push:
+    branches:
+      - staging
+jobs:
+  action-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run the Action
+        uses: devops-infra/action-pull-request@v0.5.3
+        with:
+          github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
+          title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
+          assignee: DerLinkman
+          source_branch: staging
+          target_branch: nightly
+          reviewer: DerLinkman
+          label: upstream
+          template: .github/ISSUE_TEMPLATE/pr_to_nighty_template.yml
+          get_diff: true

.github/workflows/rebuild_backup_image.yml

@@ -0,0 +1,34 @@
+name: Build mailcow backup image
+
+on:
+  schedule:
+    # At 00:00 on Sunday
+    - cron: "0 0 * * 0"
+  workflow_dispatch: # Allow to run workflow manually
+
+jobs:
+  docker_image_build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: data/Dockerfiles/backup/Dockerfile
+          push: true
+          tags: mailcow/backup:latest

.github/workflows/tweet-trigger-publish-release.yml

@@ -4,14 +4,17 @@ on:
     types: [published]
 
 jobs:
-  build:
+  tweet:
     runs-on: ubuntu-latest
     steps:
+      - name: "Get Release Tag"
+        run:  |
+          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
       - name: Tweet-trigger-publish-release
         uses: mugi111/tweet-trigger-release@v1.1
         with:
-          consumer_key: ${{ secrets.TWITTER_CONSUMER_KEY }}
-          consumer_secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
-          access_token_key: ${{ secrets.TWITTER_ACCESS_TOKEN_KEY }}
-          access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
+          consumer_key: ${{ secrets.CONSUMER_KEY }}
+          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
+          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
+          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
+          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'

README.md

@@ -2,6 +2,7 @@
 
 ## We stand with 🇺🇦
 
+[![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 

data/Dockerfiles/backup/Dockerfile

@@ -0,0 +1,3 @@
+FROM debian:bullseye-slim
+
+RUN apt update && apt install pigz

data/Dockerfiles/clamd/Dockerfile

@@ -1,4 +1,4 @@
-FROM clamav/clamav:0.105.0_base
+FROM clamav/clamav:0.105.1_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -307,6 +307,7 @@ namespace {
 }
 EOF
 
+
 cat <<EOF > /etc/dovecot/sogo_trusted_ip.conf
 # Autogenerated by mailcow
 remote ${IPV4_NETWORK}.248 {
@@ -349,6 +350,14 @@ sievec /var/vmail/sieve/global_sieve_after.sieve
 sievec /usr/lib/dovecot/sieve/report-spam.sieve
 sievec /usr/lib/dovecot/sieve/report-ham.sieve
 
+for file in /var/vmail/*/*/sieve/*.sieve ; do
+  if [[ "$file" == "/var/vmail/*/*/sieve/*.sieve" ]]; then
+    continue
+  fi
+  sievec "$file" "$(dirname "$file")/../.dovecot.svbin"
+  chown vmail:vmail "$(dirname "$file")/../.dovecot.svbin"
+done
+
 # Fix permissions
 chown root:root /etc/dovecot/sql/*.conf
 chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/passwd-verify.lua

data/Dockerfiles/dovecot/quarantine_notify.py

@@ -50,7 +50,7 @@ try:
   def query_mysql(query, headers = True, update = False):
     while True:
       try:
-        cnx = mysql.connector.connect(unix_socket = '/var/run/mysqld/mysqld.sock', user=os.environ.get('DBUSER'), passwd=os.environ.get('DBPASS'), database=os.environ.get('DBNAME'), charset="utf8")
+        cnx = mysql.connector.connect(unix_socket = '/var/run/mysqld/mysqld.sock', user=os.environ.get('DBUSER'), passwd=os.environ.get('DBPASS'), database=os.environ.get('DBNAME'), charset="utf8mb4", collation="utf8mb4_general_ci")
       except Exception as ex:
         print('%s - trying again...'  % (ex))
         time.sleep(3)
@@ -166,4 +166,4 @@ try:
       notify_rcpt(record['rcpt'], record['counter'], record['quarantine_acl'], attrs['quarantine_category'])
 
 finally:
-  os.unlink(pidfile)
+  os.unlink(pidfile)

data/Dockerfiles/netfilter/server.py

@@ -252,7 +252,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -267,7 +267,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -346,6 +346,8 @@ def snat4(snat_target):
     rule.dst = '!' + rule.src
     target = rule.create_target("SNAT")
     target.to_source = snat_target
+    match = rule.create_match("comment")
+    match.comment = f'{int(round(time.time()))}'
     return rule
 
   while not quit_now:
@@ -356,19 +358,26 @@ def snat4(snat_target):
         table.refresh()
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
-        if get_snat4_rule() not in chain.rules:
-          logCrit('Added POSTROUTING rule for source network %s to SNAT target %s' % (get_snat4_rule().src, snat_target))
-          chain.insert_rule(get_snat4_rule())
-          table.commit()
-        else:
-          for position, item in enumerate(chain.rules):
-            if item == get_snat4_rule():
-              if position != 0:
-                chain.delete_rule(get_snat4_rule())
-          table.commit()
+        new_rule = get_snat4_rule()
+        for position, rule in enumerate(chain.rules):
+          match = all((
+            new_rule.get_src() == rule.get_src(),
+            new_rule.get_dst() == rule.get_dst(),
+            new_rule.target.parameters == rule.target.parameters,
+            new_rule.target.name == rule.target.name
+          ))
+          if position == 0:
+            if not match:
+              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+              chain.insert_rule(new_rule)
+          else:
+            if match:
+              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+              chain.delete_rule(rule)
+        table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT4, retrying...') 
+        print('Error running SNAT4, retrying...')
 
 def snat6(snat_target):
   global lock
@@ -402,7 +411,7 @@ def snat6(snat_target):
           table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT6, retrying...') 
+        print('Error running SNAT6, retrying...')
 
 def autopurge():
   while not quit_now:
@@ -468,7 +477,7 @@ def whitelistUpdate():
       if Counter(new_whitelist) != Counter(WHITELIST):
         WHITELIST = new_whitelist
         logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST))
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def blacklistUpdate():
   global quit_now
@@ -479,7 +488,7 @@ def blacklistUpdate():
     new_blacklist = []
     if list:
       new_blacklist = genNetworkList(list)
-    if Counter(new_blacklist) != Counter(BLACKLIST): 
+    if Counter(new_blacklist) != Counter(BLACKLIST):
       addban = set(new_blacklist).difference(BLACKLIST)
       delban = set(BLACKLIST).difference(new_blacklist)
       BLACKLIST = new_blacklist
@@ -490,7 +499,7 @@ def blacklistUpdate():
       if delban:
         for net in delban:
           permBan(net=net, unban=True)
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def initChain():
   # Is called before threads start, no locking

data/Dockerfiles/phpfpm/Dockerfile

@@ -1,12 +1,12 @@
-FROM php:8.0-fpm-alpine3.16
+FROM php:8.1-fpm-alpine3.16
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.21
+ENV APCU_PECL 5.1.22
 ENV IMAGICK_PECL 3.7.0
-# Mailparse is pulled from master branch
-#ENV MAILPARSE_PECL 3.0.2
+ENV MAILPARSE_PECL 3.1.4
 ENV MEMCACHED_PECL 3.2.0
 ENV REDIS_PECL 5.3.7
+ENV COMPOSER 2.4.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -18,6 +18,7 @@ RUN apk add -U --no-cache autoconf \
   freetype-dev \
   g++ \
   git \
+  gettext \
   gettext-dev \
   gmp-dev \
   gnupg \
@@ -27,8 +28,11 @@ RUN apk add -U --no-cache autoconf \
   imagemagick-dev \
   imap-dev \
   jq \
+  libavif \
+  libavif-dev \
   libjpeg-turbo \
   libjpeg-turbo-dev \
+  libmemcached \
   libmemcached-dev \
   libpng \
   libpng-dev \
@@ -38,7 +42,9 @@ RUN apk add -U --no-cache autoconf \
   libtool \
   libwebp-dev \
   libxml2-dev \
+  libxpm \
   libxpm-dev \
+  libzip \
   libzip-dev \
   make \
   mysql-client \
@@ -49,22 +55,24 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && git clone https://github.com/php/pecl-mail-mailparse \
-  && cd pecl-mail-mailparse \
-  && pecl install package.xml \
-  && cd .. \
-  && rm -r pecl-mail-mailparse \
-  && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} \
+  && pecl install mailparse-${MAILPARSE_PECL} \
+  && pecl install redis-${REDIS_PECL} \
+  && pecl install memcached-${MEMCACHED_PECL} \
+  && pecl install APCu-${APCU_PECL} \
+  && pecl install imagick-${IMAGICK_PECL} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
   && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
     --with-jpeg=/usr/include/ \
+    --with-webp \
+    --with-xpm \
+    --with-avif \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -72,15 +80,21 @@ RUN apk add -U --no-cache autoconf \
     cyrus-sasl-dev \
     freetype-dev \
     g++ \
+    gettext-dev \
     icu-dev \
     imagemagick-dev \
     imap-dev \
+    libavif-dev \
     libjpeg-turbo-dev \
+    libmemcached-dev \
     libpng-dev \
     libressl-dev \
     libwebp-dev \
     libxml2-dev \
+    libxpm-dev \
+    libzip-dev \
     make \
+    openldap-dev \
     pcre-dev \
     zlib-dev
 

data/Dockerfiles/postfix/postfix.sh

@@ -323,7 +323,19 @@ hosts = unix:/var/run/mysqld/mysqld.sock
 dbname = ${DBNAME}
 # First select queries domain and alias_domain to determine if domains are active.
 query = SELECT goto FROM alias
-  WHERE address='%s'
+  WHERE id IN (
+      SELECT COALESCE (
+        (
+          SELECT id FROM alias
+            WHERE address='%s'
+            AND (active='1' OR active='2')
+        ), (
+          SELECT id FROM alias
+            WHERE address='@%d'
+            AND (active='1' OR active='2')
+        )
+      )
+    )
     AND active='1'
     AND (domain IN
       (SELECT domain FROM domain
@@ -354,7 +366,7 @@ query = SELECT goto FROM alias
     WHERE alias_domain.alias_domain = '%d'
       AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain)
       AND (mailbox.active = '1' OR mailbox.active ='2')
-      AND alias_domain.active='1'
+      AND alias_domain.active='1';
 EOF
 
 # MX based routing

data/Dockerfiles/sogo/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG SOGO_DEBIAN_REPOSITORY=http://packages.inverse.ca/SOGo/nightly/5/debian/
+ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
 ENV LC_ALL C
 ENV GOSU_VERSION 1.14
 
@@ -30,7 +30,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   && gosu nobody true \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
-  && apt-key adv --keyserver keyserver.ubuntu.com --recv-key 0x810273C4 \
+  && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \
   && echo "deb ${SOGO_DEBIAN_REPOSITORY} bullseye bullseye" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
@@ -52,4 +52,4 @@ RUN chmod +x /bootstrap-sogo.sh \
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

data/Dockerfiles/sogo/bootstrap-sogo.sh

@@ -142,6 +142,10 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
     <key>SOGoIMAPServer</key>
     <string>imap://${IPV4_NETWORK}.250:143/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSieveServer</key>
+    <string>sieve://${IPV4_NETWORK}.250:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSMTPServer</key>
+    <string>smtp://${IPV4_NETWORK}.253:588/?TLS=YES&amp;tlsVerifyMode=none</string>
     <key>SOGoTrustProxyAuthentication</key>
     <string>YES</string>
     <key>SOGoEncryptionKey</key>

data/conf/rspamd/local.d/metadata_exporter.conf

@@ -16,8 +16,7 @@ rules {
     backend = "http";
     url = "http://nginx:9081/pushover.php";
     selector = "mailcow_rcpt";
-    # Only return msgid, do not parse the full message
-    formatter = "msgid";
+    formatter = "json";
     meta_headers = true;
   }
 }

data/conf/rspamd/meta_exporter/pushover.php

@@ -47,6 +47,7 @@ if (!function_exists('getallheaders'))  {
 }
 
 $headers = getallheaders();
+$json_body = json_decode(file_get_contents('php://input'));
 
 $qid      = $headers['X-Rspamd-Qid'];
 $rcpts    = $headers['X-Rspamd-Rcpt'];
@@ -65,6 +66,20 @@ if (is_array($symbols_array)) {
   }
 }
 
+$sender_address = $json_body->header_from[0];
+$sender_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $sender_address, $matches)) {
+	$sender_address = $matches['address'];
+  $sender_name =  trim($matches['name'], '"\' ');
+}
+
+$to_address = $json_body->header_to[0];
+$to_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $to_address, $matches)) {
+	$to_address = $matches['address'];
+  $to_name =  trim($matches['name'], '"\' ');
+}
+
 $rcpt_final_mailboxes = array();
 
 // Loop through all rcpts
@@ -229,9 +244,16 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $title)),
+      "title" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}'), 
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address), $title)
+      ),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $text))
+      "message" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '\n'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, PHP_EOL), $text)
+      ),
+      "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
       $post_fields['expire'] = 600;

data/conf/sogo/sogo.conf

@@ -32,8 +32,6 @@
     // );
 
     // self-signed is not trusted anymore
-    SOGoSieveServer = "sieve://dovecot:4190/?TLS=YES&tlsVerifyMode=none";
-    SOGoSMTPServer = "smtp://postfix:588/?TLS=YES&tlsVerifyMode=none";
     WOPort = "0.0.0.0:20000";
     SOGoMemcachedHost = "memcached";
 

data/web/api/index.css

@@ -0,0 +1,16 @@
+html {
+    box-sizing: border-box;
+    overflow: -moz-scrollbars-vertical;
+    overflow-y: scroll;
+}
+
+*,
+*:before,
+*:after {
+    box-sizing: inherit;
+}
+
+body {
+    margin: 0;
+    background: #fafafa;
+}

data/web/api/index.html

@@ -5,56 +5,15 @@
     <meta charset="UTF-8">
     <title>Swagger UI</title>
     <link rel="stylesheet" type="text/css" href="./swagger-ui.css" />
+    <link rel="stylesheet" type="text/css" href="index.css" />
     <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
     <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
-    <style>
-      html
-      {
-        box-sizing: border-box;
-        overflow: -moz-scrollbars-vertical;
-        overflow-y: scroll;
-      }
-
-      *,
-      *:before,
-      *:after
-      {
-        box-sizing: inherit;
-      }
-
-      body
-      {
-        margin:0;
-        background: #fafafa;
-      }
-    </style>
   </head>
 
   <body>
     <div id="swagger-ui"></div>
-
     <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
     <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
-    <script>
-    window.onload = function() {
-      // Begin Swagger UI call region
-      const ui = SwaggerUIBundle({
-        urls: [{url: "/api/openapi.yaml", name: "mailcow API"}],
-        dom_id: '#swagger-ui',
-        deepLinking: true,
-        presets: [
-          SwaggerUIBundle.presets.apis,
-          SwaggerUIStandalonePreset
-        ],
-        plugins: [
-          SwaggerUIBundle.plugins.DownloadUrl
-        ],
-        layout: "StandaloneLayout"
-      });
-      // End Swagger UI call region
-
-      window.ui = ui;
-    };
-  </script>
+    <script src="./swagger-initializer.js" charset="UTF-8"> </script>
   </body>
 </html>

data/web/api/oauth2-redirect.html

@@ -13,7 +13,7 @@
         var isValid, qp, arr;
 
         if (/code|token|error/.test(window.location.hash)) {
-            qp = window.location.hash.substring(1);
+            qp = window.location.hash.substring(1).replace('?', '&');
         } else {
             qp = location.search.substring(1);
         }
@@ -38,7 +38,7 @@
                     authId: oauth2.auth.name,
                     source: "auth",
                     level: "warning",
-                    message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
+                    message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
                 });
             }
 
@@ -58,7 +58,7 @@
                     authId: oauth2.auth.name,
                     source: "auth",
                     level: "error",
-                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
+                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
                 });
             }
         } else {
@@ -67,9 +67,13 @@
         window.close();
     }
 
-    window.addEventListener('DOMContentLoaded', function () {
-      run();
-    });
+    if (document.readyState !== 'loading') {
+        run();
+    } else {
+        document.addEventListener('DOMContentLoaded', function () {
+            run();
+        });
+    }
 </script>
 </body>
 </html>

data/web/api/openapi.yaml

@@ -518,21 +518,23 @@ paths:
                         - domain.tld
                       type: success
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -579,6 +581,11 @@ paths:
                 domain:
                   description: Fully qualified domain name
                   type: string
+                gal:
+                  description: >-
+                    is domain global address list active or not, it enables
+                    shared contacts accross domain in SOGo webmail
+                  type: boolean
                 mailboxes:
                   description: limit count of mailboxes associated with this domain
                   type: number
@@ -596,6 +603,9 @@ paths:
                     if not, them you have to create "dummy" mailbox for each
                     address to relay
                   type: boolean
+                relay_unknown_only:
+                  description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                  type: boolean
                 rl_frame:
                   enum:
                     - s
@@ -606,6 +616,11 @@ paths:
                 rl_value:
                   description: rate limit value
                   type: number
+                tags:
+                  description: tags for this Domain
+                  type: array
+                  items:
+                    type: string
               type: object
       summary: Create domain
   /api/v1/add/domain-admin:
@@ -1952,21 +1967,23 @@ paths:
                         - domain2.tld
                       type: success
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -1977,14 +1994,15 @@ paths:
         content:
           application/json:
             schema:
+              type: object
               example:
                 - domain.tld
                 - domain2.tld
               properties:
-                items:
-                  description: contains list of domains you want to delete
-                  type: object
-              type: object
+                items: 
+                  type: array
+                  items:
+                    type: string
       summary: Delete domain
   /api/v1/delete/domain-admin:
     post:
@@ -2972,23 +2990,25 @@ paths:
           $ref: "#/components/responses/Unauthorized"
         "200":
           content:
-            "*/*":
+            application/json:
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items: 
+                  type: object
+                  properties:
+                    log:
+                      type: array
+                      description: contains request object
+                      items: {}
+                    msg:
+                      type: array
+                      items: {}
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -3056,13 +3076,33 @@ paths:
                         if not, them you have to create "dummy" mailbox for each
                         address to relay
                       type: boolean
+                    relay_unknown_only:
+                      description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                      type: boolean
                     relayhost:
                       description: id of relayhost
                       type: number
+                    rl_frame:
+                      enum:
+                        - s
+                        - m
+                        - h
+                        - d
+                      type: string
+                    rl_value:
+                      description: rate limit value
+                      type: number
+                    tags:
+                      description: tags for this Domain
+                      type: array
+                      items:
+                        type: string
                   type: object
                 items:
                   description: contains list of domain names you want update
-                  type: object
+                  type: array
+                  items:
+                    type: string
               type: object
       summary: Update domain
   /api/v1/edit/fail2ban:
@@ -3309,6 +3349,7 @@ paths:
                           evaluate_x_prio: "0"
                           key: 21e8918e1jksdjcpis712
                           only_x_prio: "0"
+                          sound: "pushover"
                           senders: ""
                           senders_regex: ""
                           text: ""
@@ -3352,6 +3393,7 @@ paths:
                   evaluate_x_prio: "0"
                   key: 21e8918e1jksdjcpis712
                   only_x_prio: "0"
+                  sound: "pushover"
                   senders: ""
                   senders_regex: ""
                   text: ""
@@ -3373,6 +3415,9 @@ paths:
                     only_x_prio:
                       description: Only send push for prio mails
                       type: number
+                    sound:
+                      description: Set notification sound
+                      type: string
                     senders:
                       description: Only send push for emails from these senders
                       type: string
@@ -5461,6 +5506,60 @@ paths:
                   attr:
                     spam_score: "8,15"
       summary: Edit mailbox spam filter score
+  "/api/v1/get/mailbox/all/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      domain: domain3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@domain3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system for a specific domain.
+      operationId: Get mailboxes of a domain
+      summary: Get mailboxes of a domain
 
 tags:
   - name: Domains

data/web/api/swagger-initializer.js

@@ -0,0 +1,19 @@
+window.onload = function() {
+  // Begin Swagger UI call region
+  const ui = SwaggerUIBundle({
+    urls: [{url: "/api/openapi.yaml", name: "mailcow API"}],
+    dom_id: '#swagger-ui',
+    deepLinking: true,
+    presets: [
+      SwaggerUIBundle.presets.apis,
+      SwaggerUIStandalonePreset
+    ],
+    plugins: [
+      SwaggerUIBundle.plugins.DownloadUrl
+    ],
+    layout: "StandaloneLayout"
+  });
+  // End Swagger UI call region
+
+  window.ui = ui;
+};

data/web/css/build/006-footable.bootstrap.min.css

@@ -128,10 +128,10 @@ table.footable > tbody > tr.footable-empty > th {
   content: "\f130";
 }
 .fooicon-plus:before {
-  content: "\f4fc";
+  content: "\f4fd";
 }
 .fooicon-minus:before {
-  content: "\f2e8";
+  content: "\f2e9";
 }
 .fooicon-search:before {
   content: "\f52a";

data/web/css/build/008-mailcow.css

@@ -269,6 +269,7 @@ code {
   padding: 10px;
   background: #fbfbfb;
   border: 1px solid #ededed;
+  min-height: 110px;
 }
 
 .tag-box {

data/web/inc/ajax/qitem_details.php

@@ -127,6 +127,7 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
     $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
     // Get text/plain content
     $data['text_plain'] = $mail_parser->getMessageBody('text');
+    if (!json_encode($data['text_plain'])) $data['text_plain'] = '';
     // Get html content and convert to text
     $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
     if (empty($data['text_plain']) && empty($data['text_html'])) {

data/web/inc/footer.inc.php

@@ -48,7 +48,14 @@ if (isset($pending_tfa_authmechs['u2f'])) {
 $globalVariables = [
   'mailcow_info' => array(
     'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
-    'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
+    'last_version_tag' => $GLOBALS['MAILCOW_LAST_GIT_VERSION'],
+    'git_owner' => $GLOBALS['MAILCOW_GIT_OWNER'],
+    'git_repo' => $GLOBALS['MAILCOW_GIT_REPO'],
+    'git_project_url' => $GLOBALS['MAILCOW_GIT_URL'],
+    'git_commit' => $GLOBALS['MAILCOW_GIT_COMMIT'],
+    'git_commit_date' => $GLOBALS['MAILCOW_GIT_COMMIT_DATE'],
+    'mailcow_branch' => $GLOBALS['MAILCOW_BRANCH'],
+    'updated_at' => $GLOBALS['MAILCOW_UPDATEDAT']
   ),
   'js_path' => '/cache/'.basename($JSPath),
   'pending_tfa_methods' => @$_SESSION['pending_tfa_methods'],

data/web/inc/functions.inc.php

@@ -935,38 +935,47 @@ function check_login($user, $pass, $app_passwd_data = false) {
     $stmt->execute(array(':user' => $user));
     $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
   }
-  foreach ($rows as $row) {
+  foreach ($rows as $row) { 
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "user";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "pending";
-      } else {
-        if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
-          $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
-          $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-          $stmt->execute(array(
-            ':service' => $service,
-            ':app_id' => $row['app_passwd_id'],
-            ':username' => $user,
-            ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
-          ));
+      if (!array_key_exists("app_passwd_id", $row)){ 
+        // password is not a app password
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 &&
+            $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          // Reactivate TFA if it was set to "deactivate TFA for next login"
+          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+          $stmt->execute(array(':user' => $user));
+
+          unset($_SESSION['ldelay']);
+          return "user";
         }
+      } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
+        // password is a app password
+        $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
+        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
+        $stmt->execute(array(
+          ':service' => $service,
+          ':app_id' => $row['app_passwd_id'],
+          ':username' => $user,
+          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
+        ));
 
         unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
         return "user";
       }
     }
@@ -1626,12 +1635,8 @@ function verify_tfa_login($username, $_data) {
   global $WebAuthn;
 
   if ($_data['tfa_method'] != 'u2f'){
-    $stmt = $pdo->prepare("SELECT `authmech` FROM `tfa`
-        WHERE `username` = :username AND `id` = :id AND `active` = '1'");
-    $stmt->execute(array(':username' => $username, ':id' => $_data['id']));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
-    switch ($row["authmech"]) {
+    switch ($_data["tfa_method"]) {
         case "yubi_otp":
             if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) {
                 $_SESSION['return'][] =  array(
@@ -1645,10 +1650,9 @@ function verify_tfa_login($username, $_data) {
             $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa`
                 WHERE `username` = :username
                 AND `authmech` = 'yubi_otp'
-                AND `id` = :id
                 AND `active` = '1'
                 AND `secret` LIKE :modhex");
-            $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id, ':id' => $_data['id']));
+            $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id));
             $row = $stmt->fetch(PDO::FETCH_ASSOC);
             $yubico_auth = explode(':', $row['secret']);
             $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]);

data/web/inc/functions.pushover.inc.php

@@ -51,6 +51,7 @@ function pushover($_action, $_data = null) {
           $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
           $evaluate_x_prio = (isset($_data['evaluate_x_prio'])) ? intval($_data['evaluate_x_prio']) : $is_now['evaluate_x_prio'];
           $only_x_prio = (isset($_data['only_x_prio'])) ? intval($_data['only_x_prio']) : $is_now['only_x_prio'];
+          $sound = (isset($_data['sound'])) ? $_data['sound'] : $is_now['sound'];
         }
         else {
           $_SESSION['return'][] = array(
@@ -101,7 +102,8 @@ function pushover($_action, $_data = null) {
         $po_attributes = json_encode(
           array(
             'evaluate_x_prio' => strval(intval($evaluate_x_prio)),
-            'only_x_prio' => strval(intval($only_x_prio))
+            'only_x_prio' => strval(intval($only_x_prio)),
+            'sound' => strval($sound)
           )
         );
         $stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `attributes`, `senders_regex`, `senders`, `token`, `title`, `text`, `active`)

data/web/inc/init_db.inc.php

@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "13072022_1700";
+    $db_version = "17112022_2115";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -738,7 +738,7 @@ function init_db_schema() {
           "username" => "VARCHAR(255) NOT NULL",
           "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
           "secret" => "VARCHAR(255) DEFAULT NULL",
-          "keyHandle" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
           "publicKey" => "VARCHAR(4096) DEFAULT NULL",
           "counter" => "INT NOT NULL DEFAULT '0'",
           "certificate" => "TEXT",
@@ -1264,6 +1264,7 @@ function init_db_schema() {
     $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
     // mailbox
     $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");

data/web/inc/lib/composer.lock

@@ -1604,16 +1604,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.3.8",
+            "version": "v3.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c"
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/972d8604a92b7054828b539f2febb0211dd5945c",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
                 "shasum": ""
             },
             "require": {
@@ -1628,7 +1628,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.3-dev"
+                    "dev-master": "3.4-dev"
                 }
             },
             "autoload": {
@@ -1664,7 +1664,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.3.8"
+                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
             },
             "funding": [
                 {
@@ -1676,7 +1676,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-02-04T06:59:48+00:00"
+            "time": "2022-09-28T08:42:51+00:00"
         },
         {
             "name": "yubico/u2flib-server",
@@ -1728,5 +1728,5 @@
     "prefer-lowest": false,
     "platform": [],
     "platform-dev": [],
-    "plugin-api-version": "2.2.0"
+    "plugin-api-version": "2.3.0"
 }

data/web/inc/lib/vendor/autoload.php

@@ -2,6 +2,11 @@
 
 // autoload.php @generated by Composer
 
+if (PHP_VERSION_ID < 50600) {
+    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    exit(1);
+}
+
 require_once __DIR__ . '/composer/autoload_real.php';
 
 return ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b::getLoader();

data/web/inc/lib/vendor/composer/InstalledVersions.php

@@ -21,12 +21,14 @@ use Composer\Semver\VersionParser;
  * See also https://getcomposer.org/doc/07-runtime.md#installed-versions
  *
  * To require its presence, you can require `composer-runtime-api ^2.0`
+ *
+ * @final
  */
 class InstalledVersions
 {
     /**
      * @var mixed[]|null
-     * @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}|array{}|null
+     * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
 
@@ -37,7 +39,7 @@ class InstalledVersions
 
     /**
      * @var array[]
-     * @psalm-var array<string, array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
+     * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
      */
     private static $installedByVendor = array();
 
@@ -241,7 +243,7 @@ class InstalledVersions
 
     /**
      * @return array
-     * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}
+     * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}
      */
     public static function getRootPackage()
     {
@@ -255,7 +257,7 @@ class InstalledVersions
      *
      * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect.
      * @return array[]
-     * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}
+     * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}
      */
     public static function getRawData()
     {
@@ -278,7 +280,7 @@ class InstalledVersions
      * Returns the raw data of all installed.php which are currently loaded for custom implementations
      *
      * @return array[]
-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
      */
     public static function getAllRawData()
     {
@@ -301,7 +303,7 @@ class InstalledVersions
      * @param  array[] $data A vendor/composer/installed.php data set
      * @return void
      *
-     * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} $data
+     * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data
      */
     public static function reload($data)
     {
@@ -311,7 +313,7 @@ class InstalledVersions
 
     /**
      * @return array[]
-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
      */
     private static function getInstalled()
     {

data/web/inc/lib/vendor/composer/autoload_classmap.php

@@ -2,7 +2,7 @@
 
 // autoload_classmap.php @generated by Composer
 
-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 
 return array(

data/web/inc/lib/vendor/composer/autoload_files.php

@@ -2,15 +2,15 @@
 
 // autoload_files.php @generated by Composer
 
-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 
 return array(
     '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php',
-    '320cde22f66dd4f5d3fd621d3e88b98f' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
     'a4a119a56e50fbb293281d9a48007e0e' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
     'a1105708a18b76903365ca1c4aa61b02' => $vendorDir . '/symfony/translation/Resources/functions.php',
     '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
+    '320cde22f66dd4f5d3fd621d3e88b98f' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
     'fe62ba7e10580d903cc46d808b5961a4' => $vendorDir . '/tightenco/collect/src/Collect/Support/helpers.php',
     'caf31cc6ec7cf2241cb6f12c226c3846' => $vendorDir . '/tightenco/collect/src/Collect/Support/alias.php',
     '04c6c5c2f7095ccf6c481d3e53e1776f' => $vendorDir . '/mustangostang/spyc/Spyc.php',

data/web/inc/lib/vendor/composer/autoload_namespaces.php

@@ -2,7 +2,7 @@
 
 // autoload_namespaces.php @generated by Composer
 
-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 
 return array(

data/web/inc/lib/vendor/composer/autoload_psr4.php

@@ -2,7 +2,7 @@
 
 // autoload_psr4.php @generated by Composer
 
-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 
 return array(

data/web/inc/lib/vendor/composer/autoload_real.php

@@ -25,38 +25,15 @@ class ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b
         require __DIR__ . '/platform_check.php';
 
         spl_autoload_register(array('ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b', 'loadClassLoader'), true, true);
-        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
+        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
         spl_autoload_unregister(array('ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b', 'loadClassLoader'));
 
-        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
-        if ($useStaticLoader) {
-            require __DIR__ . '/autoload_static.php';
-
-            call_user_func(\Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::getInitializer($loader));
-        } else {
-            $map = require __DIR__ . '/autoload_namespaces.php';
-            foreach ($map as $namespace => $path) {
-                $loader->set($namespace, $path);
-            }
-
-            $map = require __DIR__ . '/autoload_psr4.php';
-            foreach ($map as $namespace => $path) {
-                $loader->setPsr4($namespace, $path);
-            }
-
-            $classMap = require __DIR__ . '/autoload_classmap.php';
-            if ($classMap) {
-                $loader->addClassMap($classMap);
-            }
-        }
+        require __DIR__ . '/autoload_static.php';
+        call_user_func(\Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::getInitializer($loader));
 
         $loader->register(true);
 
-        if ($useStaticLoader) {
-            $includeFiles = Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
-        } else {
-            $includeFiles = require __DIR__ . '/autoload_files.php';
-        }
+        $includeFiles = \Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
         foreach ($includeFiles as $fileIdentifier => $file) {
             composerRequire873464e4bd965a3168f133248b1b218b($fileIdentifier, $file);
         }

data/web/inc/lib/vendor/composer/autoload_static.php

@@ -8,10 +8,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
 {
     public static $files = array (
         '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php',
-        '320cde22f66dd4f5d3fd621d3e88b98f' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
         'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
         'a1105708a18b76903365ca1c4aa61b02' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
         '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
+        '320cde22f66dd4f5d3fd621d3e88b98f' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
         'fe62ba7e10580d903cc46d808b5961a4' => __DIR__ . '/..' . '/tightenco/collect/src/Collect/Support/helpers.php',
         'caf31cc6ec7cf2241cb6f12c226c3846' => __DIR__ . '/..' . '/tightenco/collect/src/Collect/Support/alias.php',
         '04c6c5c2f7095ccf6c481d3e53e1776f' => __DIR__ . '/..' . '/mustangostang/spyc/Spyc.php',

data/web/inc/lib/vendor/composer/installed.json

@@ -1654,17 +1654,17 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.3.8",
-            "version_normalized": "3.3.8.0",
+            "version": "v3.4.3",
+            "version_normalized": "3.4.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c"
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/972d8604a92b7054828b539f2febb0211dd5945c",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
                 "shasum": ""
             },
             "require": {
@@ -1676,11 +1676,11 @@
                 "psr/container": "^1.0",
                 "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
             },
-            "time": "2022-02-04T06:59:48+00:00",
+            "time": "2022-09-28T08:42:51+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.3-dev"
+                    "dev-master": "3.4-dev"
                 }
             },
             "installation-source": "dist",
@@ -1717,7 +1717,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.3.8"
+                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
             },
             "funding": [
                 {

data/web/inc/lib/vendor/composer/installed.php

@@ -1,49 +1,49 @@
 <?php return array(
     'root' => array(
-        'pretty_version' => '1.0.0+no-version-set',
-        'version' => '1.0.0.0',
+        'name' => '__root__',
+        'pretty_version' => 'dev-master',
+        'version' => 'dev-master',
+        'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
-        'reference' => NULL,
-        'name' => '__root__',
         'dev' => true,
     ),
     'versions' => array(
         '__root__' => array(
-            'pretty_version' => '1.0.0+no-version-set',
-            'version' => '1.0.0.0',
+            'pretty_version' => 'dev-master',
+            'version' => 'dev-master',
+            'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
-            'reference' => NULL,
             'dev_requirement' => false,
         ),
         'bshaffer/oauth2-server-php' => array(
             'pretty_version' => 'v1.11.1',
             'version' => '1.11.1.0',
+            'reference' => '5a0c8000d4763b276919e2106f54eddda6bc50fa',
             'type' => 'library',
             'install_path' => __DIR__ . '/../bshaffer/oauth2-server-php',
             'aliases' => array(),
-            'reference' => '5a0c8000d4763b276919e2106f54eddda6bc50fa',
             'dev_requirement' => false,
         ),
         'ddeboer/imap' => array(
             'pretty_version' => '1.13.1',
             'version' => '1.13.1.0',
+            'reference' => '8b772d04b1deadb5df13782fb78c4b648f77496e',
             'type' => 'library',
             'install_path' => __DIR__ . '/../ddeboer/imap',
             'aliases' => array(),
-            'reference' => '8b772d04b1deadb5df13782fb78c4b648f77496e',
             'dev_requirement' => false,
         ),
         'directorytree/ldaprecord' => array(
             'pretty_version' => 'v2.10.1',
             'version' => '2.10.1.0',
+            'reference' => 'bf512d9af7a7b0e2ed7a666ab29cefdd027bee88',
             'type' => 'library',
             'install_path' => __DIR__ . '/../directorytree/ldaprecord',
             'aliases' => array(),
-            'reference' => 'bf512d9af7a7b0e2ed7a666ab29cefdd027bee88',
             'dev_requirement' => false,
         ),
         'exorus/php-mime-mail-parser' => array(
@@ -55,28 +55,28 @@
         'illuminate/contracts' => array(
             'pretty_version' => 'v9.3.0',
             'version' => '9.3.0.0',
+            'reference' => 'bf4b3c254c49d28157645d01e4883b5951b1e1d0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../illuminate/contracts',
             'aliases' => array(),
-            'reference' => 'bf4b3c254c49d28157645d01e4883b5951b1e1d0',
             'dev_requirement' => false,
         ),
         'matthiasmullie/minify' => array(
             'pretty_version' => '1.3.66',
             'version' => '1.3.66.0',
+            'reference' => '45fd3b0f1dfa2c965857c6d4a470bea52adc31a6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../matthiasmullie/minify',
             'aliases' => array(),
-            'reference' => '45fd3b0f1dfa2c965857c6d4a470bea52adc31a6',
             'dev_requirement' => false,
         ),
         'matthiasmullie/path-converter' => array(
             'pretty_version' => '1.1.3',
             'version' => '1.1.3.0',
+            'reference' => 'e7d13b2c7e2f2268e1424aaed02085518afa02d9',
             'type' => 'library',
             'install_path' => __DIR__ . '/../matthiasmullie/path-converter',
             'aliases' => array(),
-            'reference' => 'e7d13b2c7e2f2268e1424aaed02085518afa02d9',
             'dev_requirement' => false,
         ),
         'messaged/php-mime-mail-parser' => array(
@@ -88,136 +88,136 @@
         'mustangostang/spyc' => array(
             'pretty_version' => '0.6.3',
             'version' => '0.6.3.0',
+            'reference' => '4627c838b16550b666d15aeae1e5289dd5b77da0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../mustangostang/spyc',
             'aliases' => array(),
-            'reference' => '4627c838b16550b666d15aeae1e5289dd5b77da0',
             'dev_requirement' => false,
         ),
         'nesbot/carbon' => array(
             'pretty_version' => '2.57.0',
             'version' => '2.57.0.0',
+            'reference' => '4a54375c21eea4811dbd1149fe6b246517554e78',
             'type' => 'library',
             'install_path' => __DIR__ . '/../nesbot/carbon',
             'aliases' => array(),
-            'reference' => '4a54375c21eea4811dbd1149fe6b246517554e78',
             'dev_requirement' => false,
         ),
         'paragonie/random_compat' => array(
             'pretty_version' => 'v9.99.100',
             'version' => '9.99.100.0',
+            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
             'type' => 'library',
             'install_path' => __DIR__ . '/../paragonie/random_compat',
             'aliases' => array(),
-            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
             'dev_requirement' => false,
         ),
         'php-mime-mail-parser/php-mime-mail-parser' => array(
             'pretty_version' => '7.0.0',
             'version' => '7.0.0.0',
+            'reference' => '9d09a017f3f103fec8456211a4a538b80e0eca0d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../php-mime-mail-parser/php-mime-mail-parser',
             'aliases' => array(),
-            'reference' => '9d09a017f3f103fec8456211a4a538b80e0eca0d',
             'dev_requirement' => false,
         ),
         'phpmailer/phpmailer' => array(
             'pretty_version' => 'v6.6.0',
             'version' => '6.6.0.0',
+            'reference' => 'e43bac82edc26ca04b36143a48bde1c051cfd5b1',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpmailer/phpmailer',
             'aliases' => array(),
-            'reference' => 'e43bac82edc26ca04b36143a48bde1c051cfd5b1',
             'dev_requirement' => false,
         ),
         'psr/container' => array(
             'pretty_version' => '2.0.2',
             'version' => '2.0.2.0',
+            'reference' => 'c71ecc56dfe541dbd90c5360474fbc405f8d5963',
             'type' => 'library',
             'install_path' => __DIR__ . '/../psr/container',
             'aliases' => array(),
-            'reference' => 'c71ecc56dfe541dbd90c5360474fbc405f8d5963',
             'dev_requirement' => false,
         ),
         'psr/log' => array(
             'pretty_version' => '3.0.0',
             'version' => '3.0.0.0',
+            'reference' => 'fe5ea303b0887d5caefd3d431c3e61ad47037001',
             'type' => 'library',
             'install_path' => __DIR__ . '/../psr/log',
             'aliases' => array(),
-            'reference' => 'fe5ea303b0887d5caefd3d431c3e61ad47037001',
             'dev_requirement' => false,
         ),
         'psr/simple-cache' => array(
             'pretty_version' => '2.0.0',
             'version' => '2.0.0.0',
+            'reference' => '8707bf3cea6f710bf6ef05491234e3ab06f6432a',
             'type' => 'library',
             'install_path' => __DIR__ . '/../psr/simple-cache',
             'aliases' => array(),
-            'reference' => '8707bf3cea6f710bf6ef05491234e3ab06f6432a',
             'dev_requirement' => false,
         ),
         'robthree/twofactorauth' => array(
             'pretty_version' => '1.8.1',
             'version' => '1.8.1.0',
+            'reference' => '5afcb45282f1c75562a48d479ecd1732c9bdb11b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../robthree/twofactorauth',
             'aliases' => array(),
-            'reference' => '5afcb45282f1c75562a48d479ecd1732c9bdb11b',
             'dev_requirement' => false,
         ),
         'soundasleep/html2text' => array(
             'pretty_version' => '0.5.0',
             'version' => '0.5.0.0',
+            'reference' => 'cdb89f6ffa2c4cc78f8ed9ea6ee0594a9133ccad',
             'type' => 'library',
             'install_path' => __DIR__ . '/../soundasleep/html2text',
             'aliases' => array(),
-            'reference' => 'cdb89f6ffa2c4cc78f8ed9ea6ee0594a9133ccad',
             'dev_requirement' => false,
         ),
         'symfony/polyfill-ctype' => array(
             'pretty_version' => 'v1.24.0',
             'version' => '1.24.0.0',
+            'reference' => '30885182c981ab175d4d034db0f6f469898070ab',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-ctype',
             'aliases' => array(),
-            'reference' => '30885182c981ab175d4d034db0f6f469898070ab',
             'dev_requirement' => false,
         ),
         'symfony/polyfill-mbstring' => array(
             'pretty_version' => 'v1.24.0',
             'version' => '1.24.0.0',
+            'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-mbstring',
             'aliases' => array(),
-            'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825',
             'dev_requirement' => false,
         ),
         'symfony/polyfill-php80' => array(
             'pretty_version' => 'v1.24.0',
             'version' => '1.24.0.0',
+            'reference' => '57b712b08eddb97c762a8caa32c84e037892d2e9',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-php80',
             'aliases' => array(),
-            'reference' => '57b712b08eddb97c762a8caa32c84e037892d2e9',
             'dev_requirement' => false,
         ),
         'symfony/translation' => array(
             'pretty_version' => 'v6.0.5',
             'version' => '6.0.5.0',
+            'reference' => 'e69501c71107cc3146b32aaa45f4edd0c3427875',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/translation',
             'aliases' => array(),
-            'reference' => 'e69501c71107cc3146b32aaa45f4edd0c3427875',
             'dev_requirement' => false,
         ),
         'symfony/translation-contracts' => array(
             'pretty_version' => 'v3.0.0',
             'version' => '3.0.0.0',
+            'reference' => '1b6ea5a7442af5a12dba3dbd6d71034b5b234e77',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/translation-contracts',
             'aliases' => array(),
-            'reference' => '1b6ea5a7442af5a12dba3dbd6d71034b5b234e77',
             'dev_requirement' => false,
         ),
         'symfony/translation-implementation' => array(
@@ -229,37 +229,37 @@
         'symfony/var-dumper' => array(
             'pretty_version' => 'v6.0.5',
             'version' => '6.0.5.0',
+            'reference' => '60d6a756d5f485df5e6e40b337334848f79f61ce',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/var-dumper',
             'aliases' => array(),
-            'reference' => '60d6a756d5f485df5e6e40b337334848f79f61ce',
             'dev_requirement' => false,
         ),
         'tightenco/collect' => array(
             'pretty_version' => 'v8.83.2',
             'version' => '8.83.2.0',
+            'reference' => 'd9c66d586ec2d216d8a31283d73f8df1400cc722',
             'type' => 'library',
             'install_path' => __DIR__ . '/../tightenco/collect',
             'aliases' => array(),
-            'reference' => 'd9c66d586ec2d216d8a31283d73f8df1400cc722',
             'dev_requirement' => false,
         ),
         'twig/twig' => array(
-            'pretty_version' => 'v3.3.8',
-            'version' => '3.3.8.0',
+            'pretty_version' => 'v3.4.3',
+            'version' => '3.4.3.0',
+            'reference' => 'c38fd6b0b7f370c198db91ffd02e23b517426b58',
             'type' => 'library',
             'install_path' => __DIR__ . '/../twig/twig',
             'aliases' => array(),
-            'reference' => '972d8604a92b7054828b539f2febb0211dd5945c',
             'dev_requirement' => false,
         ),
         'yubico/u2flib-server' => array(
             'pretty_version' => '1.0.2',
             'version' => '1.0.2.0',
+            'reference' => '55d813acf68212ad2cadecde07551600d6971939',
             'type' => 'library',
             'install_path' => __DIR__ . '/../yubico/u2flib-server',
             'aliases' => array(),
-            'reference' => '55d813acf68212ad2cadecde07551600d6971939',
             'dev_requirement' => false,
         ),
     ),

data/web/inc/lib/vendor/twig/twig/.gitattributes

@@ -1,4 +1,4 @@
-/doc/** export-ignore
-/extra/** export-ignore
-/tests export-ignore
+/doc/ export-ignore
+/extra/ export-ignore
+/tests/ export-ignore
 /phpunit.xml.dist export-ignore

data/web/inc/lib/vendor/twig/twig/.github/workflows/ci.yml

@@ -9,6 +9,9 @@ on:
 env:
     SYMFONY_PHPUNIT_DISABLE_RESULT_CACHE: 1
 
+permissions:
+  contents: read
+
 jobs:
     tests:
         name: "PHP ${{ matrix.php-version }}"
@@ -25,36 +28,23 @@ jobs:
                     - '7.4'
                     - '8.0'
                     - '8.1'
-                composer-options: ['']
                 experimental: [false]
 
         steps:
             - name: "Checkout code"
-              uses: actions/checkout@v2.3.3
+              uses: actions/checkout@v2
 
             - name: "Install PHP with extensions"
-              uses: shivammathur/setup-php@2.7.0
+              uses: shivammathur/setup-php@v2
               with:
                   coverage: "none"
                   php-version: ${{ matrix.php-version }}
                   ini-values: memory_limit=-1
-                  tools: composer:v2
 
             - name: "Add PHPUnit matcher"
               run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
 
-            - name: "Set composer cache directory"
-              id: composer-cache
-              run: echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-            - name: "Cache composer"
-              uses: actions/cache@v2.1.2
-              with:
-                  path: ${{ steps.composer-cache.outputs.dir }}
-                  key: ${{ runner.os }}-${{ matrix.php-version }}-composer-${{ hashFiles('composer.json') }}
-                  restore-keys: ${{ runner.os }}-${{ matrix.php-version }}-composer-
-
-            - run: composer install ${{ matrix.composer-options }}
+            - run: composer install
 
             - name: "Install PHPUnit"
               run: vendor/bin/simple-phpunit install
@@ -92,35 +82,22 @@ jobs:
                     - 'extra/markdown-extra'
                     - 'extra/string-extra'
                     - 'extra/twig-extra-bundle'
-                composer-options: ['']
                 experimental: [false]
 
         steps:
             - name: "Checkout code"
-              uses: actions/checkout@v2.3.3
+              uses: actions/checkout@v2
 
             - name: "Install PHP with extensions"
-              uses: shivammathur/setup-php@2.7.0
+              uses: shivammathur/setup-php@v2
               with:
                   coverage: "none"
                   php-version: ${{ matrix.php-version }}
                   ini-values: memory_limit=-1
-                  tools: composer:v2
 
             - name: "Add PHPUnit matcher"
               run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
 
-            - name: "Set composer cache directory"
-              id: composer-cache
-              run: echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-            - name: "Cache composer"
-              uses: actions/cache@v2.1.2
-              with:
-                  path: ${{ steps.composer-cache.outputs.dir }}
-                  key: ${{ runner.os }}-${{ matrix.php-version }}-${{ matrix.extension }}-${{ hashFiles('composer.json') }}
-                  restore-keys: ${{ runner.os }}-${{ matrix.php-version }}-${{ matrix.extension }}-
-
             - run: composer install
 
             - name: "Install PHPUnit"
@@ -129,10 +106,6 @@ jobs:
             - name: "PHPUnit version"
               run: vendor/bin/simple-phpunit --version
 
-            - if: matrix.extension == 'extra/markdown-extra' && matrix.php-version == '8.0'
-              working-directory: ${{ matrix.extension}}
-              run: composer config platform.php 7.4.99
-
             - name: "Composer install"
               working-directory: ${{ matrix.extension}}
               run: composer install
@@ -140,6 +113,7 @@ jobs:
             - name: "Run tests"
               working-directory: ${{ matrix.extension}}
               run: ../../vendor/bin/simple-phpunit
+
 #
 #    Drupal does not support Twig 3 now!
 #
@@ -160,10 +134,10 @@ jobs:
 #
 #        steps:
 #            - name: "Checkout code"
-#              uses: actions/checkout@v2.3.3
+#              uses: actions/checkout@v2
 #
 #            - name: "Install PHP with extensions"
-#              uses: shivammathur/setup-php@2.7.0
+#              uses: shivammathur/setup-php@2
 #              with:
 #                  coverage: "none"
 #                  extensions: "gd, pdo_sqlite"

data/web/inc/lib/vendor/twig/twig/.github/workflows/documentation.yml

@@ -4,8 +4,12 @@ on:
     pull_request:
     push:
         branches:
+            - '2.x'
             - '3.x'
 
+permissions:
+  contents: read
+
 jobs:
     build:
         name: "Build"
@@ -16,32 +20,32 @@ jobs:
             -   name: "Checkout code"
                 uses: actions/checkout@v2
 
-            -   name: "Set up Python 3.7"
-                uses: actions/setup-python@v1
+            -   name: "Set-up PHP"
+                uses: shivammathur/setup-php@v2
                 with:
-                    python-version: '3.7' # Semantic version range syntax or exact version of a Python version
+                    php-version: 8.1
+                    coverage: none
+                    tools: "composer:v2"
 
-            -   name: "Display Python version"
-                run: python -c "import sys; print(sys.version)"
+            -   name: Get composer cache directory
+                id: composercache
+                working-directory: doc/_build
+                run: echo "::set-output name=dir::$(composer config cache-files-dir)"
 
-            -   name: "Install Sphinx dependencies"
-                run: sudo apt-get install python-dev build-essential
-
-            -   name: "Cache pip"
+            -   name: Cache dependencies
                 uses: actions/cache@v2
                 with:
-                    path: ~/.cache/pip
-                    key: ${{ runner.os }}-pip-${{ hashFiles('_build/.requirements.txt') }}
-                    restore-keys: |
-                        ${{ runner.os }}-pip-
+                    path: ${{ steps.composercache.outputs.dir }}
+                    key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+                    restore-keys: ${{ runner.os }}-composer-
 
-            -   name: "Install Sphinx + requirements via pip"
-                working-directory: "doc"
-                run: pip install -r _build/.requirements.txt
+            -   name: "Install dependencies"
+                working-directory: doc/_build
+                run: composer install --prefer-dist --no-progress
 
-            -   name: "Build documentation"
-                working-directory: "doc"
-                run: make -C _build SPHINXOPTS="-nqW -j auto" html
+            -   name: "Build the docs"
+                working-directory: doc/_build
+                run: php build.php --disable-cache
 
     doctor-rst:
         name: "DOCtor-RST"

data/web/inc/lib/vendor/twig/twig/.gitignore

@@ -1,3 +1,5 @@
+/doc/_build/vendor
+/doc/_build/output
 /composer.lock
 /phpunit.xml
 /vendor

data/web/inc/lib/vendor/twig/twig/CHANGELOG

@@ -1,6 +1,36 @@
+# 3.4.3 (2022-09-28)
+
+ * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
+
+# 3.4.2 (2022-08-12)
+
+ * Allow inherited magic method to still run with calling class
+ * Fix CallExpression::reflectCallable() throwing TypeError
+ * Fix typo in naming (currency_code)
+
+# 3.4.1 (2022-05-17)
+
+* Fix optimizing non-public named closures
+
+# 3.4.0 (2022-05-22)
+
+ * Add support for named closures
+
+# 3.3.10 (2022-04-06)
+
+ * Enable bytecode invalidation when auto_reload is enabled
+
+# 3.3.9 (2022-03-25)
+
+ * Fix custom escapers when using multiple Twig environments
+ * Add support for "constant('class', object)"
+ * Do not reuse internally generated variable names during parsing
+
 # 3.3.8 (2022-02-04)
 
  * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter
+ * Fix deprecation notice on `round`
+ * Fix call to deprecated `convertToHtml` method
 
 # 3.3.7 (2022-01-03)
 

data/web/inc/lib/vendor/twig/twig/composer.json

@@ -44,7 +44,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "3.3-dev"
+            "dev-master": "3.4-dev"
         }
     }
 }

data/web/inc/lib/vendor/twig/twig/src/Environment.php

@@ -38,11 +38,11 @@ use Twig\TokenParser\TokenParserInterface;
  */
 class Environment
 {
-    public const VERSION = '3.3.8';
-    public const VERSION_ID = 30308;
+    public const VERSION = '3.4.3';
+    public const VERSION_ID = 30403;
     public const MAJOR_VERSION = 3;
-    public const MINOR_VERSION = 3;
-    public const RELEASE_VERSION = 8;
+    public const MINOR_VERSION = 4;
+    public const RELEASE_VERSION = 3;
     public const EXTRA_VERSION = '';
 
     private $charset;
@@ -228,7 +228,7 @@ class Environment
     {
         if (\is_string($cache)) {
             $this->originalCache = $cache;
-            $this->cache = new FilesystemCache($cache);
+            $this->cache = new FilesystemCache($cache, $this->autoReload ? FilesystemCache::FORCE_BYTECODE_INVALIDATION : 0);
         } elseif (false === $cache) {
             $this->originalCache = $cache;
             $this->cache = new NullCache();

data/web/inc/lib/vendor/twig/twig/src/ExpressionParser.php

@@ -485,7 +485,7 @@ class ExpressionParser
                     }
                 }
             } else {
-                throw new SyntaxError('Expected name or number.', $lineno, $stream->getSourceContext());
+                throw new SyntaxError(sprintf('Expected name or number, got value "%s" of type %s.', $token->getValue(), Token::typeToEnglish($token->getType())), $lineno, $stream->getSourceContext());
             }
 
             if ($node instanceof NameExpression && null !== $this->parser->getImportedSymbol('template', $node->getAttribute('name'))) {

data/web/inc/lib/vendor/twig/twig/src/Extension/CoreExtension.php

@@ -1359,6 +1359,10 @@ function twig_source(Environment $env, $name, $ignoreMissing = false)
 function twig_constant($constant, $object = null)
 {
     if (null !== $object) {
+        if ('class' === $constant) {
+            return \get_class($object);
+        }
+
         $constant = \get_class($object).'::'.$constant;
     }
 
@@ -1376,6 +1380,10 @@ function twig_constant($constant, $object = null)
 function twig_constant_is_defined($constant, $object = null)
 {
     if (null !== $object) {
+        if ('class' === $constant) {
+            return true;
+        }
+
         $constant = \get_class($object).'::'.$constant;
     }
 

data/web/inc/lib/vendor/twig/twig/src/Extension/EscaperExtension.php

@@ -387,13 +387,8 @@ function twig_escape_filter(Environment $env, $string, $strategy = 'html', $char
             return rawurlencode($string);
 
         default:
-            static $escapers;
-
-            if (null === $escapers) {
-                $escapers = $env->getExtension(EscaperExtension::class)->getEscapers();
-            }
-
-            if (isset($escapers[$strategy])) {
+            $escapers = $env->getExtension(EscaperExtension::class)->getEscapers();
+            if (array_key_exists($strategy, $escapers)) {
                 return $escapers[$strategy]($env, $string, $charset);
             }
 

data/web/inc/lib/vendor/twig/twig/src/Extension/SandboxExtension.php

@@ -91,11 +91,11 @@ final class SandboxExtension extends AbstractExtension
         }
     }
 
-    public function checkPropertyAllowed($obj, $method, int $lineno = -1, Source $source = null): void
+    public function checkPropertyAllowed($obj, $property, int $lineno = -1, Source $source = null): void
     {
         if ($this->isSandboxed()) {
             try {
-                $this->policy->checkPropertyAllowed($obj, $method);
+                $this->policy->checkPropertyAllowed($obj, $property);
             } catch (SecurityNotAllowedPropertyError $e) {
                 $e->setSourceContext($source);
                 $e->setTemplateLine($lineno);

data/web/inc/lib/vendor/twig/twig/src/Loader/FilesystemLoader.php

@@ -183,9 +183,9 @@ class FilesystemLoader implements LoaderInterface
         }
 
         try {
-            $this->validateName($name);
-
             list($namespace, $shortname) = $this->parseName($name);
+
+            $this->validateName($shortname);
         } catch (LoaderError $e) {
             if (!$throw) {
                 return null;

data/web/inc/lib/vendor/twig/twig/src/Node/Expression/CallExpression.php

@@ -24,19 +24,20 @@ abstract class CallExpression extends AbstractExpression
     {
         $callable = $this->getAttribute('callable');
 
-        $closingParenthesis = false;
-        $isArray = false;
         if (\is_string($callable) && false === strpos($callable, '::')) {
             $compiler->raw($callable);
         } else {
-            list($r, $callable) = $this->reflectCallable($callable);
-            if ($r instanceof \ReflectionMethod && \is_string($callable[0])) {
-                if ($r->isStatic()) {
+            [$r, $callable] = $this->reflectCallable($callable);
+
+            if (\is_string($callable)) {
+                $compiler->raw($callable);
+            } elseif (\is_array($callable) && \is_string($callable[0])) {
+                if (!$r instanceof \ReflectionMethod || $r->isStatic()) {
                     $compiler->raw(sprintf('%s::%s', $callable[0], $callable[1]));
                 } else {
                     $compiler->raw(sprintf('$this->env->getRuntime(\'%s\')->%s', $callable[0], $callable[1]));
                 }
-            } elseif ($r instanceof \ReflectionMethod && $callable[0] instanceof ExtensionInterface) {
+            } elseif (\is_array($callable) && $callable[0] instanceof ExtensionInterface) {
                 $class = \get_class($callable[0]);
                 if (!$compiler->getEnvironment()->hasExtension($class)) {
                     // Compile a non-optimized call to trigger a \Twig\Error\RuntimeError, which cannot be a compile-time error
@@ -47,17 +48,11 @@ abstract class CallExpression extends AbstractExpression
 
                 $compiler->raw(sprintf('->%s', $callable[1]));
             } else {
-                $closingParenthesis = true;
-                $isArray = true;
-                $compiler->raw(sprintf('call_user_func_array($this->env->get%s(\'%s\')->getCallable(), ', ucfirst($this->getAttribute('type')), $this->getAttribute('name')));
+                $compiler->raw(sprintf('$this->env->get%s(\'%s\')->getCallable()', ucfirst($this->getAttribute('type')), $this->getAttribute('name')));
             }
         }
 
-        $this->compileArguments($compiler, $isArray);
-
-        if ($closingParenthesis) {
-            $compiler->raw(')');
-        }
+        $this->compileArguments($compiler);
     }
 
     protected function compileArguments(Compiler $compiler, $isArray = false): void
@@ -244,10 +239,7 @@ abstract class CallExpression extends AbstractExpression
 
     private function getCallableParameters($callable, bool $isVariadic): array
     {
-        list($r) = $this->reflectCallable($callable);
-        if (null === $r) {
-            return [[], false];
-        }
+        [$r, , $callableName] = $this->reflectCallable($callable);
 
         $parameters = $r->getParameters();
         if ($this->hasNode('node')) {
@@ -274,11 +266,6 @@ abstract class CallExpression extends AbstractExpression
                 array_pop($parameters);
                 $isPhpVariadic = true;
             } else {
-                $callableName = $r->name;
-                if ($r instanceof \ReflectionMethod) {
-                    $callableName = $r->getDeclaringClass()->name.'::'.$callableName;
-                }
-
                 throw new \LogicException(sprintf('The last parameter of "%s" for %s "%s" must be an array with default value, eg. "array $arg = []".', $callableName, $this->getAttribute('type'), $this->getAttribute('name')));
             }
         }
@@ -292,29 +279,41 @@ abstract class CallExpression extends AbstractExpression
             return $this->reflector;
         }
 
-        if (\is_array($callable)) {
-            if (!method_exists($callable[0], $callable[1])) {
-                // __call()
-                return [null, []];
-            }
-            $r = new \ReflectionMethod($callable[0], $callable[1]);
-        } elseif (\is_object($callable) && !$callable instanceof \Closure) {
-            $r = new \ReflectionObject($callable);
-            $r = $r->getMethod('__invoke');
-            $callable = [$callable, '__invoke'];
-        } elseif (\is_string($callable) && false !== $pos = strpos($callable, '::')) {
-            $class = substr($callable, 0, $pos);
-            $method = substr($callable, $pos + 2);
-            if (!method_exists($class, $method)) {
-                // __staticCall()
-                return [null, []];
-            }
-            $r = new \ReflectionMethod($callable);
-            $callable = [$class, $method];
-        } else {
-            $r = new \ReflectionFunction($callable);
+        if (\is_string($callable) && false !== $pos = strpos($callable, '::')) {
+            $callable = [substr($callable, 0, $pos), substr($callable, 2 + $pos)];
         }
 
-        return $this->reflector = [$r, $callable];
+        if (\is_array($callable) && method_exists($callable[0], $callable[1])) {
+            $r = new \ReflectionMethod($callable[0], $callable[1]);
+
+            return $this->reflector = [$r, $callable, $r->class.'::'.$r->name];
+        }
+
+        $checkVisibility = $callable instanceof \Closure;
+        try {
+            $closure = \Closure::fromCallable($callable);
+        } catch (\TypeError $e) {
+            throw new \LogicException(sprintf('Callback for %s "%s" is not callable in the current scope.', $this->getAttribute('type'), $this->getAttribute('name')), 0, $e);
+        }
+        $r = new \ReflectionFunction($closure);
+
+        if (false !== strpos($r->name, '{closure}')) {
+            return $this->reflector = [$r, $callable, 'Closure'];
+        }
+
+        if ($object = $r->getClosureThis()) {
+            $callable = [$object, $r->name];
+            $callableName = (\function_exists('get_debug_type') ? get_debug_type($object) : \get_class($object)).'::'.$r->name;
+        } elseif ($class = $r->getClosureScopeClass()) {
+            $callableName = (\is_array($callable) ? $callable[0] : $class->name).'::'.$r->name;
+        } else {
+            $callable = $callableName = $r->name;
+        }
+
+        if ($checkVisibility && \is_array($callable) && method_exists(...$callable) && !(new \ReflectionMethod(...$callable))->isPublic()) {
+            $callable = $r->getClosure();
+        }
+
+        return $this->reflector = [$r, $callable, $callableName];
     }
 }

data/web/inc/lib/vendor/twig/twig/src/Parser.php

@@ -58,7 +58,7 @@ class Parser
     public function parse(TokenStream $stream, $test = null, bool $dropNeedle = false): ModuleNode
     {
         $vars = get_object_vars($this);
-        unset($vars['stack'], $vars['env'], $vars['handlers'], $vars['visitors'], $vars['expressionParser'], $vars['reservedMacroNames']);
+        unset($vars['stack'], $vars['env'], $vars['handlers'], $vars['visitors'], $vars['expressionParser'], $vars['reservedMacroNames'], $vars['varNameSalt']);
         $this->stack[] = $vars;
 
         // node visitors
@@ -78,7 +78,6 @@ class Parser
         $this->blockStack = [];
         $this->importedSymbols = [[]];
         $this->embeddedTemplates = [];
-        $this->varNameSalt = 0;
 
         try {
             $body = $this->subparse($test, $dropNeedle);

data/web/inc/lib/vendor/twig/twig/src/Sandbox/SecurityPolicyInterface.php

@@ -19,17 +19,27 @@ namespace Twig\Sandbox;
 interface SecurityPolicyInterface
 {
     /**
+     * @param string[] $tags
+     * @param string[] $filters
+     * @param string[] $functions
+     *
      * @throws SecurityError
      */
     public function checkSecurity($tags, $filters, $functions): void;
 
     /**
+     * @param object $obj
+     * @param string $method
+     *
      * @throws SecurityNotAllowedMethodError
      */
     public function checkMethodAllowed($obj, $method): void;
 
     /**
+     * @param object $obj
+     * @param string $property
+     *
      * @throws SecurityNotAllowedPropertyError
      */
-    public function checkPropertyAllowed($obj, $method): void;
+    public function checkPropertyAllowed($obj, $property): void;
 }

data/web/inc/prerequisites.inc.php

@@ -195,9 +195,65 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 // Set language
 if (!isset($_SESSION['mailcow_locale']) && !isset($_COOKIE['mailcow_locale'])) {
   if ($DETECT_LANGUAGE && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
-    $header_lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
-    if (array_key_exists($header_lang, $AVAILABLE_LANGUAGES)) {
-      $_SESSION['mailcow_locale'] = $header_lang;
+    // regex inspired from @GabrielAnderson on http://stackoverflow.com/questions/6038236/http-accept-language
+    preg_match_all('/([a-z]{1,8}(-[a-z]{1,8})*)\s*(;\s*q\s*=\s*(1|0\.[0-9]+))?/i', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $lang_parse);
+
+    $langs = $lang_parse[1];
+    $ranks = $lang_parse[4];
+
+    // (create an associative array 'language' => 'preference')
+    $lang2pref = array();
+    for ($i=0; $i<count($langs); $i++) {
+      $lang2pref[strtolower($langs[$i])] = (float) (!empty($ranks[$i]) ? $ranks[$i] : 1);
+    }
+
+    // (comparison function for uksort)
+    $cmpLangs = function ($a, $b) use ($lang2pref) {
+      if ($lang2pref[$a] > $lang2pref[$b])
+        return -1;
+      elseif ($lang2pref[$a] < $lang2pref[$b])
+        return 1;
+      elseif (strlen($a) > strlen($b))
+        return -1;
+      elseif (strlen($a) < strlen($b))
+        return 1;
+      else
+        return 0;
+    };
+
+    // sort the languages by prefered language and by the most specific region
+    uksort($lang2pref, $cmpLangs);
+
+    // generate language array without the region part
+    $AVAILABLE_BASE_LANGUAGES=array();
+    foreach ($AVAILABLE_LANGUAGES as $code => $lang) {
+      $base_code = substr($code, 0, 2);
+      if (!array_key_exists($base_code, $AVAILABLE_BASE_LANGUAGES)) {
+        $AVAILABLE_BASE_LANGUAGES[$base_code] = $code;
+      }
+    }
+
+    // Find a perfect match or partial match
+    // Match en-gb or en
+    foreach ($lang2pref as $lang => $q) {
+      if (array_key_exists($lang, $AVAILABLE_LANGUAGES)) {
+        $_SESSION['mailcow_locale'] = $lang;
+        break;
+      } elseif (array_key_exists($lang, $AVAILABLE_BASE_LANGUAGES)) {
+        $_SESSION['mailcow_locale'] = $AVAILABLE_BASE_LANGUAGES[$lang];
+        break;
+      }
+    }
+
+    // Try suggest match
+    // e.g. suggest en-gb when only en-us is provided
+    if (!isset($_COOKIE['mailcow_locale'])) {
+      foreach ($lang2pref as $lang => $q) {
+        if (array_key_exists(substr($lang, 0, 2), $AVAILABLE_BASE_LANGUAGES)) {
+          $_SESSION['mailcow_locale'] = $AVAILABLE_BASE_LANGUAGES[substr($lang, 0, 2)];
+          break;
+        }
+      }
     }
   }
   else {
@@ -215,7 +271,7 @@ if (isset($_GET['lang']) && array_key_exists($_GET['lang'], $AVAILABLE_LANGUAGES
 /*
  * load language
  */
-$lang = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/lang/lang.en.json'), true);
+$lang = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/lang/lang.en-gb.json'), true);
 
 $langFile = $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.json';
 if(file_exists($langFile)) {

data/web/inc/vars.inc.php

@@ -76,32 +76,35 @@ $autodiscover_config = array(
 $DETECT_LANGUAGE = true;
 
 // Change default language
-$DEFAULT_LANG = 'en';
+$DEFAULT_LANG = 'en-gb';
 
 // Available languages
 // https://www.iso.org/obp/ui/#search
-// https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes
+// https://en.wikipedia.org/wiki/IETF_language_tag
 $AVAILABLE_LANGUAGES = array(
-  'cs' => 'Čeština (Czech)',
-  'da' => 'Danish (Dansk)',
-  'de' => 'Deutsch (German)',
-  'en' => 'English',
-  'es' => 'Español (Spanish)',
-  'fi' => 'Suomi (Finish)',
-  'fr' => 'Français (French)',
-  'hu' => 'Magyar (Hungarian)',
-  'it' => 'Italiano (Italian)',
-  'ko' => '한국어 (Korean)',
-  'lv' => 'latviešu (Latvian)',
-  'nl' => 'Nederlands (Dutch)',
-  'pl' => 'Język Polski (Polish)',
-  'pt' => 'Português (Portuguese)',
-  'ro' => 'Română (Romanian)',
-  'ru' => 'Pусский (Russian)',
-  'sk' => 'Slovenčina (Slovak)',
-  'sv' => 'Svenska (Swedish)',
-  'uk' => 'Українська (Ukrainian)',
-  'zh' => '中文 (Chinese)'
+  // 'ca-es' => 'Català (Catalan)',
+  'cs-cz' => 'Čeština (Czech)',
+  'da-dk' => 'Danish (Dansk)',
+  'de-de' => 'Deutsch (German)',
+  'en-gb' => 'English',
+  'es-es' => 'Español (Spanish)',
+  'fi-fi' => 'Suomi (Finish)',
+  'fr-fr' => 'Français (French)',
+  'hu-hu' => 'Magyar (Hungarian)',
+  'it-it' => 'Italiano (Italian)',
+  'ko-kr' => '한국어 (Korean)',
+  'lv-lv' => 'latviešu (Latvian)',
+  'nl-nl' => 'Nederlands (Dutch)',
+  'pl-pl' => 'Język Polski (Polish)',
+  'pt-pt' => 'Português (Portuguese)',
+  'ro-ro' => 'Română (Romanian)',
+  'ru-ru' => 'Pусский (Russian)',
+  'sk-sk' => 'Slovenčina (Slovak)',
+  'sv-se' => 'Svenska (Swedish)',
+  'tr-tr' => 'Türkçe (Turkish)',
+  'uk-ua' => 'Українська (Ukrainian)',
+  'zh-cn' => '简体中文 (Simplified Chinese)',
+  'zh-tw' => '繁體中文 (Traditional Chinese)',
 );
 
 // Change theme (default: lumen)

data/web/lang/lang.cs-cz.json

@@ -839,7 +839,7 @@
         "confirm_delete": "Potvrdit smazání prvku.",
         "danger": "Nebezpečí",
         "deliver_inbox": "Doručit do schránky",
-        "disabled_by_config": "Funkce karanténa je momentálně vypnuta v nastavení systému.",
+        "disabled_by_config": "Funkce karanténa je momentálně vypnuta v nastavení systému. Nastavte, prosím, prvkům karantény hodnoty \"počet zadržených zpráv\" a \"maximální velikost\".",
         "download_eml": "Stáhnout (.eml)",
         "empty": "Žádné výsledky",
         "high_danger": "Vysoké nebezpečí",

data/web/lang/lang.en-gb.json

@@ -574,6 +574,7 @@
         "pushover_sender_regex": "Consider the following sender regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "quota_mb": "Quota (MiB)",
@@ -1097,6 +1098,7 @@
         "pushover_sender_regex": "Match senders by the following regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "q_add_header": "Junk folder",

data/web/lang/lang.fr-fr.json

@@ -102,7 +102,8 @@
         "timeout2": "Délai d'expiration pour la connexion à l'hôte local",
         "username": "Nom d'utilisateur",
         "validate": "Valider",
-        "validation_success": "Validation réussie"
+        "validation_success": "Validation réussie",
+        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici."
     },
     "admin": {
         "access": "Accès",
@@ -322,7 +323,9 @@
         "yes": "&#10003;",
         "api_read_write": "Accès Lecture-Écriture",
         "oauth2_add_client": "Ajouter un client OAuth2",
-        "password_policy": "Politique de mots de passe"
+        "password_policy": "Politique de mots de passe",
+        "admins": "Administrateurs",
+        "api_read_only": "Accès lecture-seule"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",

data/web/lang/lang.it-it.json

@@ -973,7 +973,8 @@
         "verified_fido2_login": "Verified FIDO2 login",
         "verified_totp_login": "Verified TOTP login",
         "verified_webauthn_login": "Verified WebAuthn login",
-        "verified_yotp_login": "Verified Yubico OTP login"
+        "verified_yotp_login": "Verified Yubico OTP login",
+        "domain_add_dkim_available": "Esisteva già una chiave DKIM"
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",

data/web/lang/lang.nl-nl.json

@@ -536,6 +536,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (neem het gegevensbeschermingsbeleid in acht)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "quota_mb": "Quota (MiB)",
@@ -1002,6 +1003,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (let op het gegevensbeschermingsbeleid)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "q_add_header": "Spamfolder",

data/web/lang/lang.ro-ro.json

@@ -979,7 +979,8 @@
         "verified_totp_login": "Autentificarea TOTP verificată",
         "verified_webauthn_login": "Autentificarea WebAuthn verificată",
         "verified_fido2_login": "Conectare FIDO2 verificată",
-        "verified_yotp_login": "Autentificarea Yubico OTP verificată"
+        "verified_yotp_login": "Autentificarea Yubico OTP verificată",
+        "domain_add_dkim_available": "O cheie DKIM deja a existat"
     },
     "tfa": {
         "api_register": "%s utilizează API-ul Yubico Cloud. Obțineți o cheie API pentru cheia dvs. de <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aici</a>",
@@ -990,7 +991,7 @@
         "enter_qr_code": "Codul tău TOTP dacă dispozitivul tău nu poate scana codurile QR",
         "error_code": "Cod de eroare",
         "init_webauthn": "Inițializare, vă rugăm așteptați...",
-        "key_id": "Un identificator pentru YubiKey",
+        "key_id": "Un identificator pentru dispozitiv",
         "key_id_totp": "Un identificator pentru cheia ta",
         "none": "Dezactivează",
         "reload_retry": "- (reîncărcați browserul dacă eroarea persistă)",

data/web/lang/lang.sk-sk.json

@@ -106,7 +106,7 @@
         "username": "Používateľské meno",
         "validate": "Overiť",
         "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie"
     },
     "admin": {
         "access": "Prístup",

data/web/lang/lang.tr-tr.json

@@ -0,0 +1,86 @@
+{
+    "acl": {
+        "alias_domains": "Takma alan adı ekle",
+        "app_passwds": "Uygulama şifrelerini yönet",
+        "delimiter_action": "Sınırlama işlemi",
+        "domain_relayhost": "Bir alan adı için relayhost sunucusunu değiştir",
+        "eas_reset": "EAS cihazlarını sıfırla",
+        "mailbox_relayhost": "Bir posta kutusunun relayhost sunucularını değiştir",
+        "pushover": "Bildirim",
+        "quarantine": "Karantina işlemleri",
+        "quarantine_attachments": "Ekleri karantinaya al",
+        "quarantine_notification": "Karantina bildirimlerini değiştir",
+        "smtp_ip_access": "SMTP sunucularının değiştirilmesine izin ver",
+        "sogo_access": "SOGo erişiminin yönetilmesine izin ver",
+        "domain_desc": "Alan adı açıklamasını değiştir",
+        "extend_sender_acl": "Gönderenin acl'sini harici adreslere göre genişletmeye izin ver",
+        "spam_policy": "Engellenenler / İzin verilenler",
+        "filters": "Fitreler"
+    },
+    "add": {
+        "activate_filter_warn": "Aktif edilirse diğer tüm filtreler devre dışı bırakılacak.",
+        "add_domain_only": "Sadece alan adı ekle",
+        "alias_address": "Takma ad adres(leri)",
+        "alias_domain": "Takma alan adı",
+        "alias_domain_info": "<small>Sadece geçerli alan adları (virgülle ayırın).</small>",
+        "backup_mx_options": "İletme ayarları",
+        "delete2": "Kaynakta olmayan hedefteki mesajları sil",
+        "delete2duplicates": "Hedefteki kopyaları sil",
+        "disable_login": "Giriş yapmaya izin verme ( Gelen mailler yine de kabul edilir)",
+        "domain": "Alan adı",
+        "domain_matches_hostname": "Alan adı %s ana bilgisayar adıyla eşleşiyor",
+        "add_domain_restart": "Alan adı ekleyin ve SOGo'yu yeniden başlatın",
+        "alias_address_info": "<small>Bir alan adına ilişkin tüm iletileri yakalamak için tam e-posta adresi veya @example.com olacak şeklinde girin (virgülle ayırın).<b>sadece mailcow alan adları</b>.</small>",
+        "domain_quota_m": "Toplam alan adı kotası (MiB)",
+        "generate": "oluştur",
+        "goto_ham": "Ham olarak<span class=\"text-success\"><b>işaretle</b></span>",
+        "goto_null": "Postaları sessizce çöpe at",
+        "goto_spam": "Spam olarak<span class=\"text-danger\"><b>işaretle</b></span>",
+        "hostname": "Ana sunucu",
+        "kind": "Tür",
+        "mailbox_quota_m": "Posta kutusu başına maksimum kota (MiB)",
+        "max_aliases": "Maksimum olası takma adı",
+        "max_mailboxes": "Maksimum olası posta kutusu",
+        "nexthop": "Sonraki atlama",
+        "port": "Port",
+        "public_comment": "Genel yorum",
+        "relay_all": "Tüm alıcılara ilet",
+        "relay_all_info": "Eğer <b>hiçbir</b> alıcıya iletilmemesini seçerseniz, aktarılması gereken her alıcı için bir (\"kör\") posta kutusu eklemeniz gerekecektir.",
+        "relay_domain": "Bu alan adını ilet",
+        "relay_transport_info": "<div class=\"label label-info\">Bilgi</div> Bu etki alanı için özel bir hedef için aktarım eşlemeleri tanımlayabilirsiniz. Ayarlanmazsa, bir MX araması yapılacaktır.",
+        "relay_unknown_only": "Yalnızca mevcut olmayan posta kutularını ilet. Mevcut posta kutuları yerel olarak teslim edilecektir.",
+        "relayhost_wrapped_tls_info": "Lütfen TLS ile örtülmüş portları <b> kullanmayın</b> (çoğu 465 portunda çalışır).<br>\nÖrtülmemiş port kullan ve STARTTLS üzerinden yayınla. TLS'yi zorlamak için bir TLS ilkesi \"TLS ilke eşlemeleri\" sayfası içinde oluşturulabilir.",
+        "skipcrossduplicates": "Klasörler arasında yinelenen mesajları atlayın (ilk mesaj seçilir)",
+        "target_address": "Adreslere git",
+        "target_address_info": "<small>Tam e-posta adres(leri) girin ( virgülle ayırın).</small>",
+        "target_domain": "Hedef alan adı",
+        "timeout1": "Uzak ana bilgisayara bağlantısı zaman aşımına uğradı",
+        "timeout2": "Yerel ana bilgisayara bağlantı zaman aşımına uğradı"
+    },
+    "admin": {
+        "action": "İşlem",
+        "add_forwarding_host": "Yönlendirme sunucusu ekle",
+        "add_transport": "İletim ekle",
+        "admin_details": "Yönetici detaylarını düzenle",
+        "admin_domains": "Alan adı atamaları",
+        "add_domain_admin": "Alan adı yöneticisi ekle",
+        "api_info": "API üzerinde çalışmalar devam etmektedir. Belgeler <a href=\"/api\">/api</a>adresinde bulunabilir",
+        "apps_name": "\"mailcow Uygulamaları\" adı",
+        "authed_user": "Yetkili kullanıcı",
+        "ban_list_info": "Aşağıdaki yasaklı IP'lerin listesine bakın: <b>ağ (kalan yasak süresi) - [işlemler]</b>.<br />Yasağı kaldırılmak üzere sıraya alınan IP'ler birkaç saniye içinde aktif yasak listesinden kaldırılacaktır.<br />Kırmızı etiketler, kara listeye alınarak aktif kalıcı yasakları gösterir.",
+        "configuration": "Yapılandırma",
+        "dkim_from_title": "Verilerin kopyalanacağı kaynak alan adı",
+        "dkim_to": "Kime",
+        "dkim_to_title": "Hedef alan ad(ları) üzerinde yazılacak",
+        "dkim_domains_wo_keys": "Eksik anahtarları olan alan adlarını seçin",
+        "domain": "Alan adı",
+        "domain_admin": "Alan adı yöneticisi",
+        "domain_admins": "Alan adı yöneticileri",
+        "domain_s": "Alan ad(ları)",
+        "duplicate": "Çift",
+        "duplicate_dkim": "Çift DKIM kayıtları",
+        "f2b_ban_time": "Yasaklama süresi (saniye)",
+        "f2b_max_attempts": "Maksimum giriş denemesi",
+        "f2b_retry_window": "Maksimum girişim için deneme pencere(leri)"
+    }
+}