From 623397d20a761a58764546de2752c9cb93a41113 Mon Sep 17 00:00:00 2001
From: Romain <ro78@users.noreply.github.com>
Date: Fri, 30 Sep 2022 10:32:15 +0200
Subject: [PATCH 1/4] Update base.twig to escape simple quote

Update base.twig to escape simple quote
See issue https://github.com/mailcow/mailcow-dockerized/issues/4718
---
 data/web/templates/base.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index b19c548a..736ead7c 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -172,7 +172,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
     // TFA, CSRF, Alerts in footer.inc.php
     // Other general functions in mailcow.js
     {% for alert_type, alert_msg in alerts %}
-    mailcow_alert_box('{{ alert_msg|raw }}', '{{ alert_type }}');
+    mailcow_alert_box('{{ alert_msg|raw|e("js") }}', '{{ alert_type }}');
     {% endfor %}
 
     // Confirm TFA modal

From 52314d1a3566f57227bde28b6f025c403255db1c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 26 Oct 2022 11:03:02 +0200
Subject: [PATCH 2/4] [Compose] Use new (patched) Netfilter Image

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b19130cb..828b81ad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -424,7 +424,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.48
+      image: mailcow/netfilter:1.49
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 1e08b4ece62f28179912738afc39f6e86b8bbc5b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Oct 2022 12:33:22 +0200
Subject: [PATCH 3/4] fix encoding failures of parsed text_plain mail

---
 data/web/inc/ajax/qitem_details.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/inc/ajax/qitem_details.php b/data/web/inc/ajax/qitem_details.php
index 35e599ca..1611c822 100644
--- a/data/web/inc/ajax/qitem_details.php
+++ b/data/web/inc/ajax/qitem_details.php
@@ -127,6 +127,7 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
     $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
     // Get text/plain content
     $data['text_plain'] = $mail_parser->getMessageBody('text');
+    if (!json_encode($data['text_plain'])) $data['text_plain'] = '';
     // Get html content and convert to text
     $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
     if (empty($data['text_plain']) && empty($data['text_html'])) {

From 4f14462af7af3ad1107366ad720d0105c034bc7c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 26 Oct 2022 12:33:52 +0200
Subject: [PATCH 4/4] [RSPAMD] Downgrade to 3.2 (stable)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 828b81ad..05d5d83b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.91
+      image: mailcow/rspamd:1.90
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow