3.5.1 Extensions/Fixes

Extensions

• Add: option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server
• Extend: [storage] hook supports now placeholder for "cwd" and "path" (and catches unsupported placeholders)
• Extend: log and create base folders if not existing during startup

Fixes

• Fix: auth/htpasswd related to detection and use of bcrypt
• Fix: location of lock file for in case of dedicated cache folder is activated

RPMs for Enterprise Linux and Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=16893
(sine 3.5.0 with new sub-packages for bundled "InfCloud")

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.5.0 Features/Adjustments/Improvements/Fixes

Attention

• Default type for authentication changed from "none" to "denyall" to prevent unexpected access after initial installation (secure-by-default)
• Reverse proxy base prefix stripping was adjusted/fixed, in case of issues check new option and your reverse proxy configuration
• InfCloud WebUI can be now be served "bundled", see https://github.com/Kozea/Radicale/wiki/Client-InfCloud

Features

• Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/
• Add: option [auth] type pam by code migration from v1, add new option pam_serivce
• Add: option [server] script_name for reverse proxy base_prefix handling
• Add: on-the-fly link activation and default content adjustment in case of bundled InfCloud (tested with 0.13.1)
• Add: warning in case of started standalone and not listen on loopback interface but trusting external authentication

Adjustments

• Adjust: [auth] imap: use AUTHENTICATE PLAIN instead of LOGIN towards remote IMAP server
• Adjust: Change default [auth] type from "none" to "denyall" for secure-by-default

Improvements

• Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory
• Improve: WebUI
• Improve: log client IP on SSL error and SSL protocol+cipher if successful
• Improve: catch htpasswd hash verification errors
• Improve: add support for more bcrypt algos on autodetection, extend logging for autodetection fallback to PLAIN in case of hash length is not matching

Fixes

• Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error)
• Test: skip bcrypt related tests if module is missing
• Fix: proper base_prefix stripping if running behind reverse proxy

Cosmetics

• Cosmetics: extend list of used modules with their version on startup

Reviews

• Review: Apache reverse proxy config example

RPMs for Enterprise Linux and Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=16893
(now with new sub-packages for bundled "InfCloud")

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.4.1 Extension related to dovecot and imap authentication

• Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port
• Add: option [auth] type imap by code migration from https://github.com/Unrud/RadicaleIMAP/

RPMs for Enterprise Linux and Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=16893

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.4.0 Fixes and Features

• Add: option [auth] cache_logins/cache_successful_logins_expiry/cache_failed_logins for caching logins
• Improve: [auth] log used hash method and result on debug for htpasswd authentication
• Improve: [auth] htpasswd file now read and verified on start
• Add: option [auth] htpasswd_cache to automatic re-read triggered on change (mtime or size) instead reading on each request
• Improve: [auth] htpasswd: module 'bcrypt' is no longer mandatory in case digest method not used in file
• Improve: [auth] successful/failed login logs now type and whether result was taken from cache
• Improve: [auth] constant execution time for failed logins independent of external backend or by htpasswd used digest method
• Drop: support for Python 3.8
• Add: option [auth] ldap_user_attribute
• Add: option [auth] ldap_groups_attribute as a more flexible replacement of removed ldap_load_groups

RPMs for Enterprise Linux and Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=16893

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.3.3 Minor Extensions

• Add: display mtime_ns precision of storage folder with condition warning if too less
• Improve: disable fsync during storage verification
• Improve: suppress duplicate log lines on startup
• Contrib: logwatch config and script
• Improve: log precondition result on PUT request

RPMs for Enterprise Linux and Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=16893

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.3.2 Features, Fixes and Improvements

• Fix: debug logging in rights/from_file
• Fix: ignore empty RRULESET in item
• Fix: also remove 'item' from cache on delete
• Fix: set PRODID on collection upload (instead of vobject is inserting default one)
• Fix: buggy cache file content creation on collection upload
• Add: option [storage] use_cache_subfolder_for_item for storing 'item' cache outside collection-root
• Add: option [storage] filesystem_cache_folder for defining location of cache outside collection-root
• Add: option [storage] use_cache_subfolder_for_history for storing 'history' cache outside collection-root
• Add: option [storage] use_cache_subfolder_for_synctoken for storing 'sync-token' cache outside collection-root
• Add: option [storage] folder_umask for configuration of umask (overwrite system-default)
• Add: option [storage] use_mtime_and_size_for_item_cache for changing cache lookup from SHA256 to mtime_ns + size
• Add: option [auth] uc_username for uppercase conversion (similar to existing lc_username)
• Add: option [logging] storage_cache_action_on_debug for conditional logging
• Improve: avoid automatically invalid cache on upgrade in case no change on cache structure
• Improve: log important module versions on startup
• Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user

NOTE: for new (optional) caching method based on mtime_ns+size take care about what filesystem supports, try to use if current caching method based on SHA256 is resulting in slow responses.

RPMs for Enterprise Linux and Fedora available: https://src.fedoraproject.org/rpms/radicale

EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.3.1 Fixes and Extensions

• Add: option [auth] type=dovecot
• Add: option [server] protocol + ciphersuite for optional restrictions on SSL socket
• Enhancement: log content in case of multiple main components error
• Enhancement: [storage] hook documentation, logging, error behavior (no longer throwing an exception)
• Fix: expand does not take timezones into account
• Fix: expand does not support overridden recurring events
• Fix: expand does not honor start and end times

RPMs for Enterprise Linux and Fedora available: https://src.fedoraproject.org/rpms/radicale

• EL10 build still pending build of dependencies https://bugzilla.redhat.com/show_bug.cgi?id=2318480

3.3.0 Fixes+Enhancements+Adjustments

• Adjustment: option [auth] htpasswd_encryption change default from "md5" to "autodetect"
• Adjustment: switch from setup.py to pyproject.toml (but keep files for legacy packaging)
• Adjustment: 'rights' file is now read only during startup
• Add: option [auth] type=ldap with (group) rights management via LDAP/LDAPS
• Add: option [rights] permit_overwrite_collection (default=True) which can be also controlled per collection by rights 'O' or 'o'
• Enhancement: permit_delete_collection can be now controlled also per collection by rights 'D' or 'd'
• Fix: only expand VEVENT on REPORT request containing 'expand'
• Cleanup: Python 3.7 leftovers

RPMs for Enterprise Linux and Fedora available: https://src.fedoraproject.org/rpms/radicale

3.2.3 Fixes+Enhancements

• Add: support for Python 3.13
• Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar
• Fix: typos in code
• Enhancement: Added free-busy report
• Enhancement: Added 'max_freebusy_occurrences` setting to avoid potential DOS on reports
• Enhancement: remove unexpected control codes from uploaded items
• Enhancement: add 'strip_domain' setting for username handling
• Enhancement: add option to toggle debug log of rights rule with doesn't match
• Drop: remove unused requirement "typeguard"
• Improve: Refactored some date parsing code

RPMs for Enterprise Linux and Fedora available: https://src.fedoraproject.org/rpms/radicale

3.2.2 (Version Fix)

only version fixed in setup.py