Add missing upgrade info while preparing for 3.0.0 release

data/settings.js

@@ -1547,6 +1547,9 @@ If enabled, index mail as it is delivered or appended.`
 		plugin: 'fts',
 		seealso: [ 'fts_autoindex' ],
 		values: setting_types.STRING,
+		changed: {
+			settings_fts_autoindex_exclude_namespaces_changed: 'This setting now honors namespaces for mailbox names.'
+		},
 		text: `
 To exclude a mailbox from automatic indexing, it can be listed in this
 setting.
@@ -2558,6 +2561,9 @@ If set, allows message deliveries to exceed quota by this value.`
 		values: setting_types.UINT,
 		tags: [ 'storage_size_limits' ],
 		seealso: [ '[[link,quota_mailbox_count]]' ],
+		added: {
+			settings_quota_mailbox_count_added: false
+		},
 		text: `
 Maximum number of mailboxes that can be created. Each namespace is tracked
 separately, so e.g. shared mailboxes aren't counted towards the user's own
@@ -2571,6 +2577,9 @@ limit.
 		plugin: 'quota',
 		values: setting_types.UINT,
 		tags: [ 'storage_size_limits' ],
+		added: {
+			settings_quota_mailbox_message_count_added: false
+		},
 		text: `
 Maximum number of messages that can be created in a single mailbox.
 
@@ -3537,6 +3546,9 @@ If \`0\`, commands are run directly in the same process.`
 
 	dovecot_config_version: {
 		values: setting_types.STRING,
+		added: {
+			settings_dovecot_config_version_added: false
+		},
 		text: `
 Dovecot configuration version. It uses the same versioning as Dovecot in
 general, e.g. \`3.0.5\`. This must be the first setting in the
@@ -3552,6 +3564,9 @@ will be a clear failure at startup.`
 
 	dovecot_storage_version: {
 		values: setting_types.STRING,
+		added: {
+			settings_dovecot_storage_version_added: false
+		},
 		text: `
 Dovecot storage file format version. It uses the same versioning as Dovecot in
 general, e.g. \`3.0.5\`. It specifies the oldest Dovecot version
@@ -4593,6 +4608,9 @@ The prefix for each line written to the log file.
 
 	login_socket_path: {
 		values: setting_types.STRING,
+		added: {
+			settings_login_socket_path_added: false,
+		},
 		text: `
 Default socket path for all services' login processes. Can be overridden by
 passing a parameter to the login executable.`
@@ -6747,6 +6765,9 @@ The settings [[setting,state_dir,/home/foo/dovecot/state]] and
 	submission_add_received_header: {
 		default: 'yes',
 		tags: [ 'submission' ],
+		added: {
+			settings_submission_add_received_header_added: false
+		},
 		values: setting_types.BOOLEAN,
 		text: `
 Controls if "Received:" header should be added to mails by the submission

data/updates.js

@@ -12,15 +12,23 @@ export const updates = {
 	/* Tags used in pages. */
 
 	argon_2i_schemes: '2.4.0',
+	argon2_password_scheme_added: '2.4.0',
+	auth_mechanism_scram_sha_added: '2.4.0',
+	auth_mechanism_sha_added: '2.4.0',
+	cassandra_log_retries_added: '2.4.0',
 	crypt_des_md5_schemes: '2.4.0',
 	auth_client_common_secured: '2.4.0',
 	auth_nss: '2.3.0',
 	auth_policy_fail_type: '2.4.0',
 	auth_policy_reject: '2.4.0',
 	auth_server_common_secured: '2.4.0',
+	dict_idle_timeout_added: '2.4.0',
+	dict_slow_warn_added: '2.4.0',
 	doveadm_ex_expired_code: '2.4.0',
 	doveadm_mailbox_commands_user: '2.4.0',
 	extra_fields_empty: '2.4.0',
+	event_export_transports_file_unix_added: '2.4.0',
+	fs_crypt_require_encryption_keys: '2.4.0',
 	fts_flatcurve: '2.4.0',
 	imapc_features_no_acl: '2.4.0',
 	imapc_features_no_delay_login: '2.4.0',
@@ -85,12 +93,19 @@ export const updates = {
 	settings_auth_default_domain_added: '2.4.0',
 	settings_auth_internal_failure_delay_added: '2.4.0',
 	settings_auth_policy_request_attributes_changed: '2.4.0',
+	settings_dovecot_config_version_added: '2.4.0',
+	settings_dovecot_storage_version_added: '2.4.0',
+	settings_fts_autoindex_exclude_namespaces_changed: '2.4.0',
 	settings_fts_message_max_size_added: '2.4.0',
 	settings_fts_tika_changed_auth: '2.4.0',
 	settings_imapc_features_changed: '2.4.0',
+	settings_login_socket_path_added: '2.4.0',
 	settings_mail_cache_max_headers_count_added: '2.4.0',
 	settings_mail_cache_max_header_name_length_added: '2.4.0',
 	settings_namespace_mailbox_special_use_changed: '2.4.0',
 	settings_quota_clone_unset_added: '2.4.0',
+	settings_quota_mailbox_count_added: '2.4.0',
+	settings_quota_mailbox_message_count_added: '2.4.0',
+	settings_submission_add_received_header_added: '2.4.0',
 
 }

docs/core/config/auth/databases/lua.md

@@ -3,6 +3,9 @@ layout: doc
 title: Lua
 dovecotlinks:
   auth_lua: Lua authentication database
+  auth_lua_initialization:
+    hash: initialization
+    text: Lua authentication initialization
 ---
 
 # Lua Authentication Database (`lua`)

docs/core/config/auth/schemes.md

@@ -65,12 +65,13 @@ that you set service `auth { vsz_limit = 2G }` at least, or more.
 
 ### ARGON2
 
+[[added,argon2_password_scheme_added]]
+
 This scheme is also accepted and processed according to the actual
 algorithm as described in the hash, e.g, `{ARGON2}$argon2id$...` is
 recognized and processed properly as ARGON2I/ARGON2ID (as long as
 libsodium is recent enough to support it).
 
-
 ### BLF-CRYPT
 
 This is the Blowfish crypt (bcrypt) scheme. It is generally considered to
@@ -150,8 +151,8 @@ different schemes for a single user.
 | --------- | ------- |
 | CRAM-MD5 | Used with CRAM-MD5 mechanism. |
 | [[link,auth_digest_md5]] | Used with DIGEST-MD5 mechanism. The username is included in the hash, so it's not possible to use the hash for different usernames. |
-| SCRAM-SHA-1 | Used with SCRAM-SHA-1 mechanism. |
-| SCRAM-SHA-256 | Stronger replacement for SCRAM-SHA-1. |
+| SCRAM-SHA-1 | Used with SCRAM-SHA-1 mechanism.<br />[[added,auth_mechanism_scram_sha_added]] |
+| SCRAM-SHA-256 | Stronger replacement for SCRAM-SHA-1.<br />[[added,auth_mechanism_sha_added]] |
 
 ## Other Supported Password Schemes
 

docs/core/config/dict.md

@@ -154,8 +154,8 @@ the dict server.
 
 | Parameter | Required | Description |
 | --------- | -------- | ----------- |
-| `idle_timeout=<time_msecs>` | NO | How long to idle before disconnecting. (default: 0; which means immediate disconnect after finishing the operation) |
-| `slow_warn=<time_msecs>` | NO | Log a warning about lookups that take longer than this interval. (default: 5s) |
+| `idle_timeout=<time_msecs>` | NO | How long to idle before disconnecting. Default: `0`, which means immediate disconnect after finishing the operation. [[added,dict_idle_timeout_added]] |
+| `slow_warn=<time_msecs>` | NO | Log a warning about lookups that take longer than this interval. Default: `5s`. [[added,dict_slow_warn_added]] |
 
 ### Redis
 

docs/core/config/events/export.md

@@ -6,6 +6,9 @@ dovecotlinks:
   event_export_label:
     hash: filtering-events
     text: Filtering Events
+  event_export_transports:
+    hash: transports
+    text: Event Export Transports
 ---
 
 # Event Export
@@ -114,8 +117,8 @@ Supported Transports:
 | `drop` | Ignore the serialized event |
 | `log` | Send serialized event to syslog |
 | `http-post` | Send the serialized event as a HTTP POST payload to the URL specified in the `transport_arg` setting with a timeout specified by `transport_timeout`. Default is `250 milliseconds`. |
-| `file` | Send serialized events to a file specified in the `transport_arg` setting. |
-| `unix` | Send serialised events to a unix socket specified in the `transport_arg` setting. The `transport_timeout` setting is used to specify how long the unix socket connection can take. Default is `250 milliseconds`. |
+| `file` | Send serialized events to a file specified in the `transport_arg` setting.<br />[[added,event_export_transports_file_unix_added]] |
+| `unix` | Send serialised events to a unix socket specified in the `transport_arg` setting. The `transport_timeout` setting is used to specify how long the unix socket connection can take. Default is `250 milliseconds`.<br />[[added,event_export_transports_file_unix_added]] |
 
 The `drop` transport is useful when one wants to disable the event exporter
 temporarily.  Note that serialization still occurs, but the resulting

docs/core/config/imap.md

@@ -3,6 +3,9 @@ layout: doc
 title: IMAP
 dovecotlinks:
   imap_server: IMAP server
+  imap_hibernation:
+    hash: imap-hibernation
+    text: IMAP Hibernation
 ---
 
 # IMAP Configuration

docs/core/config/sieve/managesieve.md

@@ -283,7 +283,7 @@ OK "Putscript completed."
 ```
 
 Upon successful upload, you should find a file called
-`example.sieve` in your `sieve_dir` directory. The script should
+`example.sieve` in your sieve directory. The script should
 also be listed by the server as follows when the `LISTSCRIPTS` command
 is issued:
 
@@ -318,7 +318,7 @@ OK "Listscripts completed.
 ```
 
 The symbolic link configured with the `sieve` setting should now point
-to the activated script in the `sieve_dir` directory. If no script is
+to the activated script in the sieve directory. If no script is
 active, this symbolic link is absent.
 
 #### Manual TLS Login

docs/core/config/sql/cassandra.md

@@ -128,6 +128,7 @@ Driver log level.
 
 * Default: `no`
 * Values: [[link,settings_types_boolean]]
+* [[added,cassandra_log_retries_added]]
 
 Whether to log about failed requests that are retried (which may or may
 not succeed after the retry).

docs/core/plugins/mail_crypt.md

@@ -232,7 +232,7 @@ Then `newkey.pem` can be used with mail-crypt plugin.
 
 [[added,mail_crypt_eddsa]]
 
-You can use EdSDA keys by using algorithm X25519 or X448 (case sensitive).
+You can use EdSDA keys by using algorithm `X25519` or `X448` (case sensitive).
 
 To generate a suitable keypair, use
 
@@ -366,6 +366,11 @@ Currently the fs-crypt plugin requires that all the files it reads are
 encrypted. If it sees an unencrypted file it'll fail to read it. The plan is
 to fix this later.
 
+::: warning
+[[changed,fs_crypt_require_encryption_keys]] fs-crypt requires encryption keys
+by default.
+:::
+
 FS driver syntax:
 
 ::: tip Note

docs/developers/design/auth_protocol.md

@@ -142,7 +142,7 @@ AUTH-only parameters are:
 | `tls_cipher=<cipher>` | TLS cipher being used. |
 | `tls_cipher_bits=<bits>` | The number of bits in the TLS cipher. |
 | `tls_pfs=<string>` | TLS perfect forward secrecy algorithm (e.g. DH, ECDH) |
-| `tls_protocol=<name>` | TLS protocol name (e.g. SSLv3, TLSv1.2) |
+| `tls_protocol=<name>` | TLS protocol name (e.g. `TLSv1.2`) |
 | `valid-client-cert` | Remote user has presented a valid SSL certificate. |
 | `no-penalty` | Ignore auth penalty tracking for this request |
 | `cert_username` | Username taken from client's SSL certificate. |

docs/howto/ssl/index.md

@@ -19,10 +19,10 @@ SSL you can see
 
 SSL and TLS terms are often used in confusing ways:
 
-* SSL (Secure Sockets Layer) is the original protocol implementation. SSLv3 is
-  still allowed by Dovecot, but it's rarely used. Some clients use SSL to mean
-  that they're going to connect to the imaps (993), pop3s (995) or smtps (465)
-  port, although they're still going to use TLSv1 protocol.
+* SSL (Secure Sockets Layer) is the original protocol implementation.
+  Some clients use SSL to mean that they're going to connect to the imaps
+  (993), pop3s (995) or smtps (465) port, although they're still going to
+  use TLSv1 protocol.
 
 * TLS (Transport Layer Security) replaced the SSL protocol. TLSv1 protocol is
   used practically always nowadays. Some clients use TLS to mean that they're

docs/howto/virtual/postfix.md

@@ -191,8 +191,6 @@ plugin {
   acl = vfile:/var/vmail/conf.d/%d/acls:cache_secs=300
 
   sieve = ~/.dovecot.sieve
-  sieve_dir = ~/sieve
-  sieve_global_dir = /var/vmail/conf.d/%d/sieve
 }
 ```
 :::