3e5a8bc6e7
* changes from 0.13.4:
- JMAP: Protocol layer rewrite for zero-copy deserialization and
architectural improvements.
- IMAP: Unbounded memory allocation in request parser
(CVE-2025-61600)
- IMAP: Wrong permission checked for GETACL.
- JMAP: References to previous method fail when there are no results
(stalwartlabs#1507).
- JMAP: Enforce quota checks on Blob/copy.
- JMAP: Mailbox/get fails without accountId argument (stalwartlabs#1936).
- JMAP: Do not return invalidProperties when email update doesn't
contain changes (stalwartlabs#1139)
- iTIP: Include date properties in REPLY (stalwartlabs#2102).
- OIDC: Do not set username field if it is the same as the email field.
- Telemetry: Fix calculateMetrics housekeeper task (stalwartlabs#2155).
- Directory: Always use rsplit to extract the domain part from email
addresses.
* changes from 0.13.3:
- CLI: Health checks
- WebDAV: Assisted discovery v2
- iTIP: Do not send a REPLY when deleting an event that was not
accepted.
- iTIP: Include event details in REPLY messages (stalwart#2102).
- iTIP: Add organizer to iMIP replies if missing to deal with MS
Exchange 2010 bug.
- OIDC: Do not overwrite locally defined aliases (stalwart#2065).
- HTTP: Scan ban should only be triggered by HTTP parse errors.
- HTTP: Skip scanner fail2ban checks when the proxy client IP can't
be parsed (stalwart#2121).
- JMAP: Do not allow roles to be removed from system mailboxes
(stalwart#1977).
- JMAP WS: Fix panic when using invalid server url.
- SMTP: Do no send EHLO twice when STARTTLS is unavailable
(stalwart#2050).
- IMAP: Allow ENABLE UTF8 in IMAPrev1.
- IMAP: Include administer permission in ACL responses.
- IMAP: Add owner rights to ACL get responses.
- IMAP: Do not auto-train Bayes when moving messages from Junk to
Trash.
- IMAP/ManageSieve: Increase maximum quoted argument size
(stalwart#2039).
- CalDAV: Limit recurrence expansions in calendar reports
(CVE-2025-59045).
- WebDAV: Do not fix percent encoding on WebDAV FS (stalwart#2036).
Server Backend
Tip
For general information about OpenCloud and how to install please visit OpenCloud on Github and OpenCloud GmbH.
This is the main repository of the OpenCloud server. It contains the golang codebase for the backend services.
Getting Involved
The OpenCloud server is released under Apache 2.0. The project is thrilled to receive contributions in all forms. Start hacking now, there are many ways to get involved such as:
- Reporting issues or bugs
- Requesting features
- Writing documentation
- Writing code or extend our tests
- Reviewing code
- Helping others in the community
Every contribution is meaningful and appreciated! Please refer to our Contribution Guidelines if you want to get started.
Build OpenCloud
To build the backend, follow these instructions:
Generate the assets needed by e.g., the web UI and the builtin IDP
make generate
Then compile the opencloud binary
make -C opencloud build
That will produce the binary opencloud/bin/opencloud. It can be started as a local test instance right away with a two step command:
opencloud/bin/opencloud init && opencloud/bin/opencloud server
This creates a server configuration (by default in $HOME/.opencloud) and starts the server.
For more setup- and installation options consult the Development Documentation.
Technology
Important information for contributors about the technology in use.
Authentication
The OpenCloud backend authenticates users via OpenID Connect using either an external IdP like Keycloak or the embedded LibreGraph Connect identity provider.
Database
The OpenCloud backend does not use a database. It stores all data in the filesystem. By default, the root directory of the backend is $HOME/.opencloud/.
Security
If you find a security-related issue, please contact security@opencloud.eu immediately.