When finished, the system will reboot automatically. Please do not reboot manually.
The new kernel includes a few less critical security bugfixes.
To better secure the administration interface, one-time-passwords (OTPs) may be enabled. There are separate settings for direct
access and for access via reverse proxy. If OTPs are mandatory, users without OTP can no longer login. If "optional" an OPT
is only required for accounts with enabled OTPs.
While verifying signed emails, a certificate revocation list (CRL) lookup can be enabled now.
If authentication is not possible when signing outbound emails, the "From" header has to be trusted. Previously there was
just a checkbox, which turned all local IPs into trusted senders. Now there's a dedicates address list.
Please check the list after the update: It should either be empty or contain only IPs of internal mailservers which authenticate
its clients and enforce correct "From" headers. The list should not contain whole networks, in particular not IP group "INTRANET".
Microsoft Outlook reported an invalid signature for multipart mails.
The mail server now automatically processes mails from the groupware like internal mails, i.e. relayint into the Internet
is allowed and now anti-SPAM measures will apply. If internal clients have to authenticate themselves for sending mails, SMTP
authentication will be turned on in the groupware automatically. Finally the S/MIME gateway now trusts the "From" headers
of the groupware, so "Send as" will work now.
If you have added the groupware IP or network to the list of local IPs in the mailserver administration after installing the
groupware, you can now revert this change.
The new release fixes problems with IKEv2 re-keying.