It appears that the MySQL driver dropped support for Go 1.9. Until we have vendoring in place (will happen soon!) we must follow suit and drop support for Go v1.9. This still allows us to support the latest three versions of Go.
I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2.
Output before change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
Output after change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
This commit significantly improves the performance of campaign and group creation by changing database access to use transactions.
It should also make things more consistent with campaign creation. Specifically, this will ensure that the entire campaign gets created before emails start sending, while I anticipate this will fix#1643, #1080, (possibly) #1677, and #1552.
The Dockerfile has also been rebuilt to use an unprivileged user instead
of root.
The run script adds more options and changes the method the
configuration is overwritten, which may help in situations where the
configuration is not owned by the unprivileged user.
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
* Refactoring servers to support custom workers and graceful shutdown.
* Refactoring workers to support custom mailers.
* Refactoring mailer to be an interface, with proper instances instead of a single global instance
* Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition.
* Cleaning up API middleware to be simpler
* Moving template parameters to separate struct
* Changed LoadConfig to return config object
* Cleaned up some error handling, removing uninitialized global error in models package
* Changed static file serving to use the unindexed package
Fixed a bug when marking the capture password, saving and unmarking the capture password, the attribute does not comeback and the password will never be captured again for this template.
Alex Maslakov
Jordan Wright
Michael Eder
dependabot[bot]
SamSutt
Glenn Wilkinson
quelsan
Gábor Lipták
David Maciejak
Christian Schwartz
Will Woodson
Chris Zietlow
gfrancqu
Russel Van Tuyl