1.8.0:

* Reworked the GUI using bootstrap 5.3 and vue.js 3

* Be sure to update the rewrite rules and Content-Security-Policy settings
  in /etc/piler/piler-nginx.conf according to /etc/piler/piler-nginx.conf.dist

* If using the CUSTOM_CSS variable, then be sure to fix it like

  $config['CUSTOM_CSS'] = '<link rel="stylesheet" href="/path/to/my.css">';

* Added i18n tool, see /usr/libexec/piler/translate.php

* Database schema change. Be sure to run the upgrade sql script on
  all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
    mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
  done

* Added support for both session expiry and session inactivity, see
  SESSION_INACTIVITY_TIMEOUT and SESSION_EXPIRY_TIMEOUT in config.php

* Added support for Cloudflare Turnstile, a smart captcha alternative,
  see https://www.cloudflare.com/products/turnstile/ for more.

* Added OKTA oidc authentication support

* Added linkedin authentication support



1.7.3:

* Added imap connector utility

* Removed domain_user table and its references

* Improved Content-Security-Policy settings to disable 'unsafe-inline' javascript and CSS

* Rewrite uri changes

* Added support for hcaptcha, see https://www.hcaptcha.com/ for more.
  Removed deprecated secureimage project

* Be sure to update the rewrite rules and Content-Security-Policy settings
  in /etc/piler/piler-nginx.conf according to /etc/piler/piler-nginx.conf.dist


1.7.2:

* Rewrite uri changes. Be sure to update the rewrite rules in
  /etc/piler/piler-nginx.conf according to /etc/piler/piler-nginx.conf.dist

* Removed Auth0 support

* Fixed a parser issue causing random segfaults

* Installer scripts writes variables for goss. See
  https://github.com/jsuto/piler-examples/tree/master/examples/goss for more



1.7.1:

* imapfetch.py can call pilerimport to process a downloaded batch of emails
  with the -b option, eg. imapfetch.py -W piler -s ... -u ... -p ... -b 200

* pilerexport can organize exported files within the zip file to directories
  <zip batch size> number of files go to a single directory.

  Be sure to run /usr/share/piler/db-upgrade.sql on all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
    mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
  done

* smtp message restore feature supports specifying username and password,
  as well as encrypted communication with the remote smtp host.

  Set the following in /etc/piler/config-site.php to use authenticated smtp restore:

  $config['SMARTHOST_USER'] = 'someuser';
  $config['SMARTHOST_PASSWORD'] = 'somepassword';

* Removed obsoleted variable 'tcp_wrappers_enable' from piler.conf



1.7.0:

* "Archiving rules" renamed to "Exclusion rules", because the
  purpose of those rules is to discard or ignore the macthing
  emails and prevent them getting archived.

  Be sure to run /usr/share/piler/db-upgrade.sql on all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
    mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
    mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) <<< "rename table archiving_rule to exclusion_rule"
  done

* Fixed message highlighting bug for text mime parts

* Manticore search is the preferred search engine, however,
  sphinx search is still supported.

* If using sphinxsearch, then
    a) add the following to /etc/piler/config-site.php:

    $config['DIR_SPHINX'] = '/var/piler/sphinx/';

    b) be sure to have the following in /etc/piler/piler.conf:

    sphinxdir=/var/piler/sphinx

    c) ln -sf /etc/piler/sphinx.conf /etc/piler/manticore.conf

* Added real time (rt) index support to manticore


1.6.3:

* Replaced legacy each() function calls with foreach()

* Introduced the CUSTOM_POST_MESSAGE_READ_FUNCTION hook

* Introduced the CUSTOM_PRE_MESSAGE_DOWNLOAD_FUNCTION hook

* Fixed reindex utility

* Fixed handling long email addresses

* Fixed the sign.php utility

* Updated s3 python utilities to support minio==7.1.5
  Be sure to upgrade the minio python client: pip3 install minio==7.1.5

* Added Keycloak authentication support

* Added support for storing the archived files in subdirs inside the given bucket.
  To enable this feature, set s3_use_subdirs=1 in /etc/piler/piler.conf,
  and restart the piler-s3 systemd service (AKA the s3up.py script).

  This feature creates 256 dirs in the bucket.

  The default behaviour is to keep all archived files in ther root of the bucket.

  Add s3_use_subdirs=0 to /etc/piler/piler.conf if you already use S3 backend
  to keep compatibility.

  Note that you should not use both s3_spread_in_buckets=1 and s3_use_subdirs=1.



1.6.2:

* timestamp signing sorts by 'id' column

* Various minor fixes and improvements

  Be sure to run /usr/share/piler/db-upgrade.sql on all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
     mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
  done

* Added support for spreading the archived files in several S3 buckets.
  To enable this feature, set s3_spread_in_buckets=1 in /etc/piler/piler.conf,
  and restart the piler-s3 systemd service (AKA the s3up.py script).

  This feature creates 256 buckets per organization / customer.

  The default behaviour is to keep all archived files in a single bucket for the
  given organization / customer.

  Add s3_spread_in_buckets=0 to /etc/piler/piler.conf if you already use S3 backend
  to keep compatibility.


1.6.1:

* Added add_header X-Frame-Options SAMEORIGIN always; to nginx config

* Introduced sender table

  Be sure to run /usr/share/piler/db-upgrade.sql on all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
     mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
  done

* imapfetch.py uses ssl/tls by default. Use the --no-ssl option to revert to cleartext

  It also uses imapclient python module, so be sure to install it:

  pip install imapclient


1.6.0:

* REST API endpoint is available via /api/v1/
  Eg. https://archive.yourdomain.com/api/v1/get_domains

* Rewrite uri changes. Be sure to update the rewrite rules in
  /etc/piler/piler-nginx.conf according to /etc/piler/piler-nginx.conf.dist

* Increased max_packet_size to 32M in /etc/piler/sphinx.conf

* Introduced the bucket feature

  Be sure to run /usr/share/piler/db-upgrade.sql on all piler related databases, eg.

  for i in /var/piler/sphinx/piler $(find /var/piler/sphinx/* -type d); do
     mysql --defaults-file=/etc/piler/.my.cnf $(basename $i) < /usr/share/piler/db-upgrade.sql
  done

  See the video tutorial on the bucket feature at https://youtu.be/9U8C8u3r_Bw

* Added beacon to indicate which main index is to be used
  Run the following command to create the default value:

  while read -r d; do echo main1 > "${d}/MAIN"; done < <(find /var/piler/sphinx/* -type d)

* Removed the ldap_port column from ldap table
  The LDAP port should be part of the ldap hostname URI, eg. ldaps://ldap.host:1234

* If generating audit records is enabled, you may syslog the audit records to the mail log
  additionally by setting the following variable in config-site.php:

  $config['SYSLOG_AUDIT'] = 1;

  The idea is to allow you move audit records to ELK / EFK stack, Graylog or similar central
  logging system and make it searchable. Be sure to fix your syslog config to forward the
  mail log entries to the central logging system.

* Introduced new piler.conf variable: tls_min_version

  It sets the minimum TLS protocol version the piler-smtp daemon supports.

  Possible values:
  - TLSv1   (not recommended)
  - TLSv1.1 (not recommended)
  - TLSv1.2 (default)
  - TLSv1.3

* Added native support to authenticate against Azure AD
  See https://mailpiler.com/using-azure-ad-single-sign-on-sso/ for more.

* Added native support to authenticate against AWS Cognito
  See https://mailpiler.com/using-aws-cognito-single-sign-on-sso/ for more.

* Reindex utility should cleanup the temp files

* Improved the pilerexport zip writing performance

* The syslog entry is more concise for the piler components, eg.
  piler/smtp, piler/store, piler/webui, etc.

* If the Date: field contains some garbage return the current timestamp

* Introduced the max release feature. It's relevant to no-tenant
  installations only.

* SMTP protocol fix

* Parser fixes

* Emails having a NUL byte are redirected to the error directory



1.5.0:

* Install the python3-mysqldb package (Ubuntu)

  On centos7 and 8 run the following if you don't have this pip installed:
  pip3 install https://download.mailpiler.com/generic-local/mysqlclient-1.4.6-cp36-cp36m-linux_x86_64.whl

* Add the following entries to the cronjob of piler user on the worker nodes:

  */10 * * * * /usr/bin/find /var/piler/error -type f | wc -l > /var/piler/stat/errors
  2,22,42 * * * * /usr/libexec/piler/import.sh

* Add the following column to the customer_settings table, if it's not already there:

  alter table customer_settings add column if not exists `admin_password` varchar(128) default null;

* Introduced smtp acl list, and obsoleted tcp_wrappers

* Parse Sender: header and give it preference over From: header

* pilerimport puts legacy emails to a top level dir based on their Date: header

* pilerexport may digitally sign the exported zip file

  openssl genpkey -out /etc/piler/signkey.priv -algorithm rsa -pkeyopt rsa_keygen_bits:4096
  openssl rsa -in /etc/piler/signkey.priv -pubout -out /etc/piler/signkey.pub
  chown piler:piler /etc/piler/signkey.*

  sign: pilerexport -W customer1 -f some@user -z emails.zip -p /etc/piler/signkey.priv
  verify: openssl dgst -sha256 -verify /etc/piler/signkey.pub -signature emails.zip.sig emails.zip

  See the following for more:
    https://www.zimuel.it/blog/sign-and-verify-a-file-using-openssl
    https://opensource.com/article/19/6/cryptography-basics-openssl-part-2

* pilerexport may export EML files to a zip file. Use -z <zipfile>, eg.

  pilerexport -W customer1 -f some@user -z first100.zip

  Note that piler user must be able to create the zip file at the
  given path.

* Added RFC3161 timestamp support

  Run the following sql query on all piler related databases:

  alter table customer_settings add column `timestamp` varchar(6) default null;

* Preview body of email by hovering mouse over subject lines of the search results

* Added support for custom date format and timezone for users

  Run the following sql query on all piler related databases:

  alter table user_settings add column date_format char(12) default 'Y.m.d';
  alter table user_settings add column timezone varchar(32) default null;

* Last search is saved in a cookie, and restored when the user logs in again.

* Exclude any email address longer than 41 characters.
  SphinxQL breaks the query in case of any email 42+ characters long.

* Added support for zipped store directories.

  You may consolidate the zillions of .m files in /var/piler/store/<customerid>/
  to a series of zip files, eg.

  /var/piler/store/somecustomer/00/5f3/00 -> /var/piler/store/somecustomer/00/5f3/5f3_00.zip
  /var/piler/store/somecustomer/00/5f3/01 -> /var/piler/store/somecustomer/00/5f3/5f3_01.zip
  ...

  To enable the feature set consolidated_store=1 in /etc/piler/piler.conf
  Then run /usr/libexec/piler/compact-store-dir.sh 5f3 "somecustomer"

  Note that you may compact any top level dir except the last one which
  is currently used.

* Improved the encryption resilience by prepending the data to be encrypted with a block of garbage

* Switched from Blowfish encryption to AES-256. It's backward compatible.

  Fix the attachment table in all piler related databases:

  alter table attachment add column `e` char(1) default 'b';

* IMAP import over the gui

  To enable the feature for admin users set the following in /etc/piler/config-site.php:

  $config['ENABLE_IMPORT'] = 1;

  Also fix the import table in all piler related databases:

  alter table import add column `customer` varchar(255) default null;

  If you have a multinodes layout, then run the following command on the
  worker node which you want to run import jobs on (otherwise it won't
  process the import jobs):

  touch /etc/piler/IMPORT_HOST

* Discard short header only emails not having a Message-ID: line to prevent them
  filling up the error directory.


1.4.9:

* New customer form supports specifying the admin@local password
  for the customer at the 'Admin user password' input field.

* Support for sphinx-3.3.1

  If you upgrade piler, then be sure to set the following in /etc/piler/config-site.php
  to keep using the legacy full text search columns in sphinx:

  $config['SPHINX_STRICT_SCHEMA'] = 0;

  Note that enabling SPHINX_STRICT_SCHEMA (by setting it to 1) breaks the sphinx
  index data, and they must be recreated with reindex which takes some time.

* Added support for multiple master nodes

  Add the following line to /etc/piler/config-site.php on the current master/gui node
  if you have a multinode layout:

  $config['PRIMARY_MASTER'] = 1;


  To setup an additional, secondary master node set the following to config-site.php:

  $config['NODE_TYPE'] = MASTER;
  $config['PRIMARY_MASTER'] = 0;
  $config['DB_HOSTNAME'] = '<primary master>';
  $config['MASTER_NODE'] = '<primary master>';
  $memcached_server = ['<primary master>', 11211];

  In the above example the secondary master will use the mysql and memcached servers
  running on the primary master node.

* Fixed space projection calculation

* Added zipkin compatible tracing support for the GUI

* Don't create a default auditor@local account when creating a new tenant/customer

* Fixed unique constraint on accounting table:

-  UNIQUE (`date`, `email`)
+  UNIQUE (`date`, `email`, `server_id`)

* Fixed open_database() call to add mysqlhost parameter

* Fixed a typo in r.php

* Online users are written to and read from memcached exclusively

* Disable prometheus metrics by default. To enable set the following
  in /etc/piler/config-site.php:

  $config['ENABLE_PROMETHEUS_METRICS'] = 1;

  Also it's recommended to set some sort of access control to nginx config, eg.

        location = /metrics.php {
            # Add the IP-address of your Prometheus server
            allow 10.1.1.2;
            deny all;

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;

            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
               return 404;
            }

            fastcgi_pass unix:PHP_FPM_SOCKET;
            fastcgi_index index.php;
            include fastcgi_params;
        }


1.4.8:

* Fixed a bug causing bogus customer info the smtp session

* Added piler-s3 systemctl service

* Updated cdn links in layout templates, and the matching nginx config

  Be sure to update the Content-Security-Policy definition:

  add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' ; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com; font-src 'self' stackpath.bootstrapcdn.com; ";

* Introduced an improved mobile search template
  Set $config['ENABLE_MOBILE_PREVIEW'] = 1; in
  config-site.php to enable it.

* Fixed a bug in the health-check.sh script in a multinodes layout.
  It mistakenly reported a worker -> master probe result

* Introduced the Data Officer role

  You need to create the following table in all piler related databases:

  create table if not exists `deleted` (
    `id` bigint unsigned not null unique,
    `requestor` varchar(128) not null,
    `reason1` varchar(255) not null,
    `date1` int unsigned default 0,
    `approver` varchar(255) default null,
    `reason2` varchar(255) default null,
    `date2` int unsigned default 0,
    `deleted` tinyint(1) default -1,
    key (`id`),
    key (deleted)
  ) Engine=InnoDB;

  Add the following rewrite to the webserver config /etc/piler/piler-nginx.conf,
  then reload the webserver:

  rewrite /rejectremove.php /index.php?route=message/rejectremove;

* Using bootstrap 3.4.1 minified js from CDN

1.4.7:

* Fixed customer id check

* Fixed creating local users in multitenancy mode

* Added backup codes for Google Authenticator

  You need to create the following table in all piler related databases:

  create table if not exists `ga_backup_code` (
    `username` varchar(64) not null,
    `code` char(6) not null,
    `used` tinyint default 0
  ) Engine=InnoDB;

  create index ga_backup_code_idx1 on ga_backup_code(username);

* Added systemd service files to /usr/libexec/piler

* S3 stuff uses /var/piler/s3 directory

  mkdir /var/piler/s3
  chown piler:piler /var/piler/s3
  chmod 700 /var/piler/s3

* S3 upload script (s3up.py) upgraded to use python3.

  You need the minio python module to use it, eg. pip3 install minio

* imapfetch.py and pilerpurge.py uses /usr/bin/python3 as well

* Introduced the search history feature

  Set ENABLE_MEMCACHED in either /etc/piler/config-site.php or in the per customer settings, and be sure to install
  the php-memcached package. It puts the search terms to memcached to offers them in reverse order, latest on top.

* Fixed Google authenticator for ldap logins

* Introduced Auth0 support for Azure
  Set ENABLE_AUTH0 and the appropriate AUTH0 variables in either /etc/piler/config-site.php or in the per customer settings

* Default Sphinx version is set to 311 in /var/piler/www/config.php
  If you have 2.2.x version of sphinx, be sure to add the following line to /etc/piler/config-site.php:

  $config['SPHINX_VERSION'] = 220;

* Added tika and disk info to node health status output

* Introduced the default SPHINX_WORKER_LISTEN_ADDRESS variable to set the sphinx listen address on the worker nodes

  $config['SPHINX_WORKER_LISTEN_ADDRESS'] = '0.0.0.0';

1.4.6:

* The gui provides output for prometheus at /metrics

  Upgrade:
  - Add the following to piler's crontab on the worker nodes:
    10 * * * * /usr/bin/find /var/piler/error -type f | wc -l > /var/piler/stat/errors


1.4.5:

* Introduced new config variable USE_SMTP_GATEWAY


1.4.4:

* Fixed ldap authentication bug (1f828af)

* ldap table has new field (ldap_port) defaults to 389 (b094020)

  Run the following sql statement on all piler related databases:
     alter table ldap add column `ldap_port` int default 389;