Dada Mail Lite - Bridge-only version

 
From: "Bruce Scherzinger webmaster@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
In-Reply-To: (no subject)
Date: August 24th 2020
Hey Justin,

Just an idea that's been rattling around in my head for a few years. As you may recall, I manage subscriptions to my Dada lists entirely through Joomla website accounts using an extension I wrote many years ago. All my lists are "closed" as far as Dada knows and the user portions of the web interface are not public. All email traffic is handled by Bridge. That means a fairly large amount of code in the full Dada package isn't really needed for my case.

Is there a clean delineation of files that can be omitted/removed and allow DM to function properly the way I'm using it? I read things about security vulnerabilities in code I don't need but which is installed and wonder if I can get rid of it and those vulnerabilities.

So my idea is an installation option that allows you to choose a Bridge-only configuration that would install only what is needed. Would that be doable?

Hope you are well, my friend.

Thanks,
Bruce

On August 24, 2020 1:17:55 PM "Justin J justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> wrote:

 

From: justin@PROTECTED

Howdy everyone,

v11.11.1 is out! A few bug fixes - most notably getting those tracker analytic emails actually go out, and some security holes closed up. (There's been no actual security exploits found)

Download and install:

https://dadamailproject.com/d/install_dada_mail.pod.html

Changelog (and below):

https://dadamailproject.com/d/changes_11_x.pod.html#pod11.11.1

Focus

This is mostly a bug-fix release for issues found in the v11.11.0 release of Dada Mail. There's also places we've tightened up some potential security exploits regarding the file browser/uploaders we ship with Dada Mail.

Changes

Directories managed in the, "dada_mail_support_files" directory will now have their permissions changed when not in use

Files and directories in the, dada_mail_support_files directory are ones that are served directly by the webserver. Items like images, javascript files, etc, are found here. The file managers/uploaders that are shipped with Dada Mail are installed here too. These are third-party apps in of themselves, and we don't have complete control over their development. Historically, security issues crop up in these apps, either in current or in past versions - it happens, and since their job is to upload files onto the web server, this can really cause chaos on a web hosting account.

To keep the attack surface as small as possible, Dada Mail will now always change the permissions of directories that are not in use to, 0644, rather than the more open, 0755. This will disallow access to the directory via something like a web browser.

Option to install no file manager uploader

Dada Mail has the option to install one of three bundled file managers: KCFinder, Rich FileManager, and Core 5 Filemanager. But it never had the option to install no file manager at all. This version adds the ability to select "Don't Install a File Browser/Uploader"

Bugfixes

"Send message tracker analytics report a few days after a mass mailing was sent " doesn't work - query is incorrect

https://github.com/justingit/dada-mail/issues/956

TinyMCE Vulnerability should be fixed in Dada Mail

https://github.com/justingit/dada-mail/issues/955

"Recent Activity" chart not loading

https://github.com/justingit/dada-mail/issues/954

--

Justin J: Lead Dadaist.url: http://dadamailproject.com email: justin@PROTECTED twitter: @dadamail skype: leaddadaist

Dada Mail Announcements:http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/

 

Dada Mail Developers

Post to: Dada Mail Developers ( dadadev@PROTECTED )
Manage Your Subscription
Unsubscribe
                                                           

rss/atom
v11.11.1 Released
Index
Re: Dada Mail Lite - Bridge-only version
  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)

  • Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.

If you are just looking for support Dada Mail, consult the message boards at:

https://forum.dadamailproject.com

Documentation for Dada Mail:

https://dadamailproject.com/d

Specifically, see the Error FAQ:

https://dadamailproject.com/d/FAQ-errors.pod.html

To post to this list, send a message to:

mailto:dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Topics that are welcome:

  • Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
  • Bug/Error reports
  • Bug fixes
  • Request For Comments on any changes to the program
  • Help customizing Dada Mail for your own needs
  • Patches
  • Language Translations
  • Support Documentation/Doc editing, FAQ's, etc.
  • Discussion of any changes that you would like to be committed to the next version of Dada Mail -

Dada Mail is on Github:

https://github.com/justingit/dada-mail/

If you would like to fork, branch, send over PRs, open up issues, etc.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.