2024-01-20

Many thanks to @sertys3 for generously sponsoring an enhancement that is included in this release:

• #212: Support authenticating Google Workspace Gmail accounts using a Google Cloud service account

This release also contains the following improvements/fixes:

• #213: Avoid looping indefinitely on encrypted secret decryption failure (mostly applicable in client credentials grant (CCG) mode) – thanks @ft3411
• Allow token_salt and token_iterations values to be inherited for use in catch-all account configurations (e.g., CCG accounts that all use the same password)
• #214: Clarify security documentation for CCG (and Google service account) mode, explaining the potential risks; and, prevent these methods from using the delete_account_token_on_password_error option – thanks @gerneio
   
  Please note that as a result of #214, this version of the proxy now requires an oauth2_flow value to be set explicitly when using a method that does not require a permission_url (previously the default was to fall back to the CCG flow). This will not have any impact if you have already specified a value for this property, as is shown in the example configuration file. If you have not specified a value, and intend to use the CCG flow, you should add oauth2_flow = client_credentials to the account(s) in question in the proxy's configuration file.

In addition:

• Three CodeQL-recommended improvements
• Include extra feature dependencies in Windows and macOS pre-built versions to to ensure all capabilities can be used (i.e., for AWS caching features and Google Cloud service accounts)
• Import certifi to ensure SSL certificates are available when packaged by pyinstaller using GitHub Actions
• Work around macOS App Translocation when packaged by pyinstaller by providing a default config file path that doesn't rely on the app's location (~/.emailproxy/emailproxy.config)
• Explicitly set a timeout for authentication URL requests