Per-domain postmaster aliases have been replaced with global postmaster_address
and abuse_address settings (per RFC 2142).
Action required:
-
Run the database migration:
bin/console doctrine:migrations:migrate --no-interaction
The migration migrates existing postmaster alias destinations to the new setting and removes the old aliases.
-
Review the new RFC Email Addresses settings in Admin → Settings and adjust
postmaster_addressandabuse_addressif needed.
Invitations (vouchers) are now controlled per domain instead of via the global
REGISTRATION_OPEN environment variable.
Action required:
-
Run the database migration:
bin/console doctrine:migrations:migrate --no-interaction
The migration enables invitations with a limit of 3 for the primary domain and disables them for all other domains. It also removes any unredeemed vouchers that were incorrectly created for non-primary domains.
-
Remove
REGISTRATION_OPENfrom your environment configuration (.env,.env.local,docker-compose.yml, etc.). The variable is no longer used. -
To enable invitations for additional domains or adjust the invitation limit, go to Admin → Domains, click Edit on the desired domain and configure the invitation settings.
The Sonata Admin Bundle has been completely removed. The admin area is now a
native Symfony implementation accessible at /admin/. All admin functionality
(users, aliases, vouchers, domains, reserved names, notifications, OpenPGP keys)
is available through the new interface.
If you have any custom integrations or bookmarks pointing to Sonata Admin routes
(e.g. /admin/app/...), update them to the new /admin/ paths.
All Messenger message handlers now use cryptographic signing (sign: true) via
Symfony's SigningSerializer. Messages are signed with an HMAC-SHA256 signature
using APP_SECRET when dispatched and verified when consumed.
Deployment impact: Messages already in the queue at the time of deployment
will lack a valid signature and will be rejected by the consumer with an
InvalidMessageSignatureException. To avoid message loss:
- Before deploying, drain the message queue by running the consumer until
all pending messages are processed:
bin/console messenger:consume async --limit=0
- Deploy the new version.
- Start the consumer as usual.
Alternatively, if draining is not possible, you can purge the queue (messages will be lost):
bin/console doctrine:query:sql "DELETE FROM messenger_messages"The MAIL_CRYPT environment variable has been replaced with a database-backed
setting configurable via the Settings UI.
A database migration automatically populates the new setting from the existing
MAIL_CRYPT environment variable. If the variable is not set, it defaults to 2
(enforce for new users).
After upgrading and running migrations, verify the setting in the Settings UI
and remove MAIL_CRYPT from your environment configuration. Note: the
MAIL_CRYPT variable in docker-compose.yml for the Dovecot container is
not affected and must remain.
The WEBMAIL_URL environment variable has been removed. The webmail URL is now configured as an application setting in the admin panel under Settings > Application Settings > Webmail URL.
If you previously had WEBMAIL_URL set, you need to configure it manually in the settings after upgrading.
The userli_users_total metric now includes both active and deleted users. Previously, it only counted active users. A new userli_users_active_total metric has been added to report the number of active users separately. If you have dashboards or alerts based on userli_users_total, update them accordingly.
This release requires PHP 8.4 or newer.
If using Dovecot for authentication, the configuration syntax has changed significantly:
-
Configuration version headers required: Add to top of
dovecot.conf:dovecot_config_version = 2.4.0 dovecot_storage_version = 2.4.0 -
Renamed settings:
ssl_cert→ssl_server_cert_filessl_key→ssl_server_key_filedisable_plaintext_auth→auth_allow_cleartextmail_location→ split intomail_driver,mail_path
-
Named blocks required: All
namespace,passdb,userdb, andinet_listenerblocks need names (e.g.,passdb lua { }whereluais the name). -
Environment variable changes:
DOVECOT_LUA_DEBUGremoved (no longer supported)import_environmentuses block syntax
-
MailCrypt setting renames:
mail_crypt_save_version→crypt_write_algorithmmail_crypt_global_public_key→crypt_global_public_key_filemail_crypt_global_private_key→crypt_global_private_key/main/crypt_private_key_file
See the Dovecot 2.3 to 2.4 upgrade guide for details.
Starting with version 5.5.0, we switched from manual database migrations to using Doctrine Migrations. If you are upgrading from 5.4.1 or lower, follow these steps:
-
First, upgrade to version 5.4.1 and apply all manual database schema changes documented below for your current version.
-
Then, upgrade to the latest version and initialize Doctrine Migrations:
bin/console doctrine:migrations:migrate --no-interactionThis will mark all existing migrations as executed (since you already applied the schema changes manually) and run any new migrations.
Optional note field for aliases was added. Update your database schema:
ALTER TABLE virtual_aliases
ADD note VARCHAR DEFAULT NULL;
Userli migrated from swiftmailer-bundle to symfony/mailer. Remove environment
variable MAILER_URL and replace it with MAILER_DSN. See .env file for the
syntax.
The new twofactor authentication (2FA) feature requires the database schema to be updated:
ALTER TABLE virtual_users
ADD totp_confirmed TINYINT(1) DEFAULT 0 NOT NULL,
ADD totp_secret VARCHAR(255) DEFAULT NULL;
ADD totp_backup_codes LONGTEXT NOT NULL;
The new OpenPGP WKD feature requires GnuPG (>=2.1.14) to be installed.
Database schema changed and needs to be updated:
CREATE TABLE virtual_openpgp_keys (
id INT AUTO_INCREMENT NOT NULL,
user_id INT DEFAULT NULL,
email VARCHAR(255) NOT NULL,
key_id LONGTEXT NOT NULL,
key_fingerprint LONGTEXT NOT NULL,
key_expire_time DATETIME DEFAULT NULL,
key_data LONGTEXT NOT NULL,
UNIQUE INDEX UNIQ_3DB259EAE7927C74 (email),
INDEX IDX_3DB259EAA76ED395 (user_id),
PRIMARY KEY(id))
DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB;
ALTER TABLE virtual_openpgp_keys
ADD CONSTRAINT FK_3DB259EAA76ED395 FOREIGN KEY (user_id) REFERENCES virtual_users (id);
The MAIL_CRYPT_* Dotenv variables were merged into one variable:
MAIL_CRYPT=2
See the documentation for further information on supported values.
The DOMAIN Dotenv variable is now obsolete. It is replaced
by the first created domain at the moment.
New optional Dotenv variable was added to link to webmail:
WEBMAIL_URL="roundcube.example.org"
Database schema changed and needs to be updated:
ALTER TABLE virtual_users
ADD recovery_secret_box LONGTEXT DEFAULT NULL,
ADD recovery_start_time DATETIME DEFAULT NULL,
ADD mail_crypt TINYINT(1) DEFAULT '0' NOT NULL,
ADD mail_crypt_secret_box LONGTEXT DEFAULT NULL,
ADD mail_crypt_public_key LONGTEXT DEFAULT NULL,
CHANGE creationTime creation_time DATETIME NOT NULL,
CHANGE updatedTime updated_time DATETIME NOT NULL,
CHANGE lastlogin last_login_time DATETIME DEFAULT NULL,
CHANGE passwordversion password_version INT NOT NULL;
ALTER TABLE virtual_aliases
CHANGE creationTime creation_time DATETIME NOT NULL,
CHANGE updatedTime updated_time DATETIME NOT NULL;
ALTER TABLE virtual_vouchers
CHANGE creationTime creation_time DATETIME NOT NULL,
CHANGE redeemedTime redeemed_time DATETIME DEFAULT NULL;
ALTER TABLE virtual_reserved_names
CHANGE creationTime creation_time DATETIME NOT NULL,
CHANGE updatedTime updated_time DATETIME NOT NULL;
ALTER TABLE virtual_domains
CHANGE creationTime creation_time DATETIME NOT NULL,
CHANGE updatedTime updated_time DATETIME NOT NULL;
Dotenv variable SEND_WELCOME_MAIL was renamed to SEND_MAIL:
sed -i -e 's/SEND_WELCOME_MAIL/SEND_MAIL/g' .env
New mandatory Dotenv variables were added (all related to MailCrypt):
MAIL_CRYPT_ENABLED=1
MAIL_CRYPT_AUTO=1
Trailing slashes have been removed from default URLs:
sed -e 's#^\(APP_URL=".*\)/"#\1#g' .env
sed -e 's#^\(PROJECT_URL=".*\)/"#\1#g' .env
Use 0/1 instead of false/true in .env
sed -i -e 's/="true"/=1/g' .env
sed -i -e 's/="false"/=0/g' .env