We are happy to announce a new minor release of CipherMail Webmail
Messenger. This release ends the support for Webmail 4.1.x
installations and we encourage everyone to update their systems in a
timely manner. This release fixes a few bugs and a security issue and
brings more control over your Webmail installation with Nagios/Icinga
monitoring scripts and improved Ansible playbooks.

You are advised to create a backup before performing the update on any
production system. The full update procedure can be found here:
https://www.ciphermail.com/documentation/virtual-appliance-guide/minor-upda…

You can update your CipherMail Webmail installations using the
CipherMail Console menu, or with '$ sudo dnf update' on the command
line. New virtual appliance images and package archives for offline
installation can be obtained through the support portal:
https://support.ciphermail.com/user/downloads

Customers with a CipherMail Gateway high-availability cluster are
advised to update their cluster one node at a time. More information
about cluster updates can be found on our documentation website:
https://www.ciphermail.com/documentation/cluster-administration-guide/clust…

CipherMail Webmail Messenger 4.2.1 release notes:

**SECURITY fixes**
- CVE-2022-28218: The secret keys used by the Roundcube installation
were inadequately protected, allowing a local attacker to circumvent
two-factor authentication and possibly decrypt passwords. The secret
keys will be automatically rotated after applying this update. This
forces all users to log in again.

**New features**
- It is now possible to enable HTML message viewing and editing using
Ansible. HTML mail is disabled by default in Webmail Messenger for
enhanced security.
- The inactivity timeout of the administrative web interface can now
be configured with Ansible.
- If an error occurs during Ansible playbook execution, the error will
now be logged. A warning will also be shown in the administrative
web interface.
- Nagios/Icinga check scripts are now provided for use with the
CipherMail monitoring endpoints.
- Add support for monitoring MariaDB.

**Technical changes**
- The Roundcube configuration is now managed with Ansible.
- Upgrade log4j from version 1.2.15 to 2.17.1. Because of changes to
log4j the logger levels can no longer be managed from the
administrative web interface. We therefore removed this option. Log
levels should now be set in conf/log4j2.xml. Changing the log level
does not require a restart because the change will be applied
automatically after 60 seconds.
- Use the configured webmail logo as the favicon for the user portal.
- Add HTML alternative part to the sign-up and new mail email
templates.
- Update Roundcube to 1.4.13.
- Remove CipherMail Console log directory.
- Update dependencies: update jquery to 3.6.0, update HTTP client to
5.1.3, update cxf to 3.3.13, update XML sec to 2.1.7, update jasypt
to 1.9.3, update wss4j to 2.2.7, update netty to 4.1.75, update
spring to 5.3.18, update activeMQ to 5.16.0, update libphonenumber
to 8.12.45.
- Make console script crash-proof, i.e., fall back to shell if console
script fails.

**Bug fixes**
- Fixed downloading of multiple Webmail messages using a zip archive,
which was broken since the 4.0 release.
- Fixed Roundcube logging, which was broken since the 4.0 release.
- Fixed an Ansible playbook warning regarding authorized SSH keys.
- The Webmail footer used to overflow edit fields when the screen size
was too small.

--
Imre Jonk
IT Automation Engineer
CipherMail B.V.