What's coming in 5.2

Like I've mentioned via email, I'd really appreciate email aliases - I have a couple of domains where I receive an email, so - mario@{domain1.com,domain2.com,domain3.com,..} is essential for my workflow.

https://github.com/docker/distribution-library-image

This would enable us to tie it in with Gitlab.

So the app is actively developing, but community PRs and issues are not being answered - in the interest of transparency and continued development, we're probably forking the codebase.

It's not based on Jitsi. At Nextcloud, we developed (I used to be a developer there) everything from scratch based on WebRTC.

Awesome SSO/access management system that also supports SCIM.

https://www.gluu.org/

Oh my, oh my, the world is coming to an end!

Please stop spreading panic. PBKDF2-SHA1 is not the same as SHA1. SHA1 has collisions - big deal.

@mehdi and I nicely explained to you in chat why this is not the issue and why there's no need for immediate action AT ALL.

Please stop scaring the users for no real reason without understanding the underlying problem. Thanks!

I got the registry working, need to get it integrated with GitLab now.

@girish
https://git.cloudron.io/mario/docker-registry

Updated and working.

@atrilahiji it's currently working as a stand-alone registry via basic auth powered by htpasswd file. It'll also support Cloudron SSO shortly, after that I'll work on making it work with GitLab.

@robi I have managed to integrate the registry with GitLab.

@girish where are we at with making proper MR for AuthProxy + making SSO optional? Then I can document GitLab integration, you can write some tests and off we go!

But the code is still there

In favour of having both Photos and Auth implemented.

I'll look into the configuration issue no doubt in the coming week or two @girish and @robi.

Use case:

I have domains xyz.com and xyz1.com. In xyz.com I set up a mailbox mario@xyz.com. In xyz1.com I want the catch-all mailbox to be mario@xyz.com but I can't set that.

For transparency reasons and so you can understand why there's no real danger here, here's what @mehdi and me wrote:

me:

" you are aware that HMAC/SHA1 (used by PBKDF) is just fine for password storage and not really broken as you say?
even MD5 would be just fine
afaik
so the urgency is non-warranted
"

@mehdi explains it in greater detail:

"
To be clear, pbkdf2-sha1 is not sha1. Using just sha1 or md5 would be extremely
bad, using just any hash fonction would be very very bad, as they are litteraly built to be as fast as possible, whereas for storing passwords we deliberatly want it to be slow. PBKDF2 uses a hash function in a much more complicated scheme, to make them suitable for storing passwords and/or creating symetric keys from a password.
So pbkdf2 is not broken, even if the sha1 it uses is broken
"

(I need to look how quoting works with this forum software, so sorry about that)

@girish as a Cloudron package. I'll push it to gitlab once I clean it up, but it's useless to me without the GitLab integration and that part seems tricky.

Cloudron supports configuring 1 private support registry and it would be beneficial if it supported multiple.

Through volumes, sure.

I take that back, I did add some package changes. Had no time to test, but things seem to be working ok from the initial glimpse at it:

https://git.cloudron.io/cloudron/docker-registry-app/-/merge_requests/1

Please test and report back @girish and others