Christian Felsing issues

Results 24 issues of


                                            Christian Felsing

Wrong Redirections in SOGo when using http/3 Proxy

### Contribution guidelines - [X] I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree ### I've found a bug and checked that ... - [X] ... I understand that not following...

bug

confirmed

feat: Keycloak support added

This PR adds support for a local Keycloak server, which also adresses #291. Please note that some files from old GUI needed to be touched: * src/main/resources/i18n/messages.properties * src/main/resources/i18n/messages_de.properties *...

i18n

feat: Owasp zap

This adds a new unit test which attacks Alovoa an reports possible security weaknesses. This is a "penetration test light". This requires #310 because OWASP Zap cannot resolve capchas. See...

feat: Captcha configurable

Make captcha configurable in *application.properties*: ``` app.captcha.login.enabled=false app.captcha.delete.enabled=false app.captcha.imprint.enabled=true app.captcha.password.enabled=false app.captcha.register.enabled=true ``` In original code captcha is not implemented for registration, this pull request implements configurable captcha for registration, also.

:star: top pull request

feat: Spring Vault as alternative properties store

Secrets should be stored in a secure vault e.g. Hashicorp Vault. Please note that pom.xml got some important changes: * Java version was changed to 17 * spring-boot-starter-parent was changed...

[FEATURE] Priorities of Pull Requests?

**Is your feature request related to a problem? Please describe.** It would be very helpful to contribute if pull requests would become prioritized. **Describe the solution you'd like** Of course...

OpenID/OAuth2 Servers Should Be Fully Configurable

**Is your feature request related to a problem? Please describe.** Feature should support other OpenID/OAuth2 platforms than Google and Facebook. Some changes allow usage of a private Keycloak server. **Describe...

OWASP Zap Scans as Unit Test

OWASP Zap scan is a solution to find security flaws exposed by server. See #311.

Many Deprecates in Class SecurityConfig

**Describe the bug** When updating to Spring Security 6.1 (Spring Boot 3.1.2) there are many warnings regarding deprecated usage of methods. **To Reproduce** Update pom.xml with: ``` org.springframework.boot spring-boot-starter-parent 3.1.2...

Adding Certificate to ca-bundle.crt has no effect

Steps to reproduce: * install collabora office * run docker container * get certificate with ``echo | openssl s_client -connect localhost:9980`` * add certificate data returned from command above to...