* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme

- add X-Content-Type-Options nosniff [SME: 12835]
- add Strict Transport Security support HSTS [SME: 12815]
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
- add referrer-Policy same-origin [SME: 12817]
- add OCSP Stapling support [SME: 12819]
- add CSP Content-Security-Policy support [SME: 9567]
- add .well-known and .well-known/security.txt [SME: 12818]

root/etc/e-smith/templates/var/www/html/.well-known/security.txt/10contact

@@ -5,5 +5,5 @@ Contact: {
 # Contact: mailto:security%2Buri%2Bencoded@example.com
 # Contact: tel:+1-201-555-0123
 # Contact: https://example.com/security-contact.html
-${'httpd-e-smith'}{'SecurityContact'}||"mailto:admin@$DomainName"}
+${'httpd-e-smith'}{'SecurityContact'}||"mailto:admin\@$DomainName"}
 

smeserver-apache.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
 %define name smeserver-apache
 Name: %{name}
 %define version 11.0.0
-%define release 9
+%define release 10
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -74,7 +74,7 @@ if [ $1 -gt 1 ] ; then
 fi
 
 %changelog
-* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
+* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
 - add X-Content-Type-Options nosniff [SME: 12835]
 - add Strict Transport Security support HSTS [SME: 12815]
 - add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]