10.0.35 (26 Feb 2026)
[AR-3218] - Support for multiple on-prem instances
[AR-3219] - client connections and listeners starting before Receive Service
[AR-3220] - PST import failed: arraycopy: last destination index 2147483648 out of bounds for byte[2147418112]
10.0.34 (13 Feb 2026)
AR-3217 basic auth log statement
10.0.33 (11 Feb 2026)
[AR-3214] - Configuration→Logins: change email label for basic auth & add address validation
Improvement
[AR-3215] - Upgrade Tomcat to v10.1.52 to address CVE's
10.0.30 (10 Feb 2026)
[AR-3211] - milter optimizations
[AR-3212] - IMAP & POP further optimizations
10.0.28 (6 Feb 2026)
[AR-3210] - imap: (imapFolder.uidNext - 1).coerceAtLeast(startUid)
10.0.27 (5 Feb 2026)
[AR-3207] - switch to jackson json parsing
[AR-3209] - An exception occurred processing [searchresults.jsp]
10.0.26 (4 Feb 2026)
[AR-3202] - fix AD license count
[AR-3203] - v10 is not auto updating due to the upper bound set to 9.99.99 (should be 10.99.99)
[AR-3204] - message not prioritizing html content (in some instances)
[AR-3206] - fix display of images in content view
10.0.23 (2 Feb 2026)
[AR-3199] - PST import performance optimization
[AR-3200] - PDF export performance optimization
[AR-3201] - PST export performance optimization
10.0.21 (27 Jan 2026)
[AR-3196] - premature volume rollover triggered when disk space cannot be determined
10.0.20 (22 Jan 2026)
[AR-3191] failed kereberos login should redirect to signonform.do
10.0.19 (21 Jan 2026)
[AR-3194] - add max attachment chars to index
[AR-3195] - cannot download attachments with special characters in the file name
10.0.17 (21 Jan 2026)
[AR-3186] - java.lang.NoClassDefFoundError: com/google/common/cache/RemovalCause
[AR-3192] - infinitive 302 (redirect) when SSO kerberos failed.
[AR-3193] - Pop3 IAP connection not deleting messages
10.0.16 (20 Jan 2026)
[AR-3188] - deletion of temp files over long term (without restart)
[AR-3190] - failed auto search UninitializedPropertyAccessException: lateinit property has not been initialized
10.0.14 (16 Jan 2026)
[AR-3184] - improve reslience & recovery of IMAP polling
[AR-3185] - Volume rollover skipped. Active volume has no create date
[AR-3186] - java.lang.NoClassDefFoundError: com/google/common/cache/RemovalCause
[AR-3187] - invalid ALL_NOT_BLOCKED ldap filter
10.0.13 (27 Dec 2025)
[AR-3179] - Kerberos realm incorrectly derived from UPN suffix
[AR-3180] - Change SSO config attribute key
[AR-3182] - ldaps url on AD auth never use SSL/TLS
10.0.12 (17 Dec 2025)
[AR-3176] - AD Kerberos authentication using username/password fails
10.0.11 (6 Dec 2025)
[AR-519] - sort not working when loading items from treeview
[AR-3159] - zip PDF and large PST files exported to speed pdownload
[AR-3162] - failed to assign role for basic authentication
[AR-3167] - add support for X-MS-Exchange-Organization-BCC
[AR-3169] - PST items are missing in folders
[AR-3170] - PST folder view scrolling not working
[AR-3171] - websocket chat ui after login
[AR-3172] - Search box in Firefox ESR 140 does not accept “(“ and triggers search-history dropdown instead
[AR-3173] - scroll folder result's from Treeview show only the 1st screen result
[AR-3174] - PST doesn't import directly from zip
10.0.10 (26 Nov 2025)
[AR-3049] - failed load users.conf of version < 9
[AR-3161] - archiving stalling due to virtual thread use
10.0.9 (1 Nov 2025)
[AR-3150] - basic auth: users cannot see emails during email address filtering issue
[AR-3153] - IMAP Tomcat deadlock
10.0.8 (30 Oct 2025)
[AR-891] - clicking a user on the tree view loads all available results
[AR-3146] - thread exhaustion due to blocking on blob insertion
[AR-3147] - fix index and display of single part messages
[AR-3148] - improved handling of Backblaze B2 500 and 503 errors
10.0.7 (23 Oct 2025)
[AR-3124] - Wrong part is rendered in message view
[AR-3125] - Render inline images with Content-Type of application/octet-stream
[AR-3128] - better handling of Google Workspace rate limiting
[AR-3137] - improvement to ackblaze exponential backoff algorithm
[AR-3142] - NPE when get process log file and it is not exist
Improvement
[AR-3130] - process HUGE pop/imap mailboxes
10.0.6 (10 Oct 2025)
[AR-3124] - Wrong part is rendered in message view (reworked)
[AR-3125] - Render inline images with Content-Type of application/octet-stream (reworked)
[AR-3131] - Request is null in getAppID(): init ActionContext first on list web.xml
10.0.5 (4 Oct 2025)
[AR-3119] - ejected volume when mounted stays ejected
[AR-3129] - Unable to write large blobs to Backblaze B2 due to FileAlreadyExistsException status (904)
[AR-3126] - security enhancement: OWASP santization of message view
10.0.4 (3 Oct 2025)
[AR-3123] - Aspose license not initialized. PST import/export contains Aspose branding.
[AR-3124] - Wrong part is rendered in message view
[AR-3125] - Render inline images with Content-Type of application/octet-stream
[AR-3126] - security enhancement: OWASP santization of message view
[AR-3019] - PST import: database instance is not set in the current thread
[AR-3127] - Remove orphaned blobs from central queue
[AR-3122] - Timeout parsing of large and complex attachments
10.0.3 (29 Sept 2025)
[AR-3114] - ignore sync of non mime encoded exchange invites
[AR-3116] - Google get users Code:429 "Too Many Requests "
[AR-3118] - java.lang.NoSuchMethodError: 'void kotlin.io.path.PathsKt.deleteRecursively
10.0.1 (18 Sept 2025)
[AR-3111] - hang on PDF export due to Aspose parsing issue. Upgrade Aspose 25.4 (further update)
[AR-3112] - Harden AWS S3 region and endpoint resolution logic
10.0.1 (16 Sept 2025)
[AR-3111] - hang on PDF export due to Aspose parsing issue. Upgrade Aspose 25.4
10.0.0 (4 Sept 2025)
[AR-2974] Authentication overhaul — replaced the entire authentication system with Pac4j security framework for standardized, modern, and extensible security handling.
Core Changes
AR-2983 Replaced legacy security filter with pac4j filters (security and callback).
AR-2984 Integrated role and authorization mapping into pac4j profiles and authorizers.
AR-2986 Added support for AD, LDAP, Azure, and Google authentication providers through pac4j clients.
AR-2989 Migrated in-memory login handling to pac4j session and profile management.
AR-2991 Replaced legacy session management with pac4j ProfileManager.
AR-2992 Migrated custom MailArchivaPrincipal to pac4j CommonProfile.
AR-2993 Re-implemented two-factor authentication using pac4j client chaining.
AR-2994 Added multi-tenancy support to authentication flows.
AR-2995 Replaced legacy BASIC authentication
Fixes and Adjustments Post-Migration
AR-3104 Multi-tenant: fixed issue where tenant certificate imports were incorrectly stored in central config.