[GH-ISSUE #1592] New warning message during modoboa upgrade #1253

Closed
opened 2026-02-27 11:16:07 +03:00 by kerem · 3 comments

Originally created by @stefaweb on GitHub (Oct 16, 2018).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1592

Hello!

During the upgrade to modoboa 1.11.1, contacts 0.7.2 and webmail 1.5.0, I got a new warning message.

```
(env) modoboa@mailhub:~/instance$ python manage.py check --deploy
System check identified some issues:

WARNINGS:
?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.

System check identified 3 issues (1 silenced).
```

Previous upgrade was not printing these messages.


@Tibase commented on GitHub (Oct 24, 2018):

Hello,

I have the same warning messages after the update from 1.10.6


@Schokobecher commented on GitHub (Nov 27, 2018):

same here - 1.10. to 1.12.2

```
(env) modoboa@mail:~/instance$ python2 manage.py check --deploy
System check identified some issues:

WARNINGS:
?: (modoboa-amavis.W001) AMAVIS_DEFAULT_DATABASE_ENCODING does not match the character encoding used by the Amavis database.
HINT: Check your database character encoding and set/update AMAVIS_DEFAULT_DATABASE_ENCODING.
?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
```


@tonioo commented on GitHub (Nov 28, 2018):

I've just pushed a fix for security.W012 and security.W016.
More information about security.W001 can be found here: https://docs.djangoproject.com/en/1.11/ref/middleware/#module-django.middleware.security.
@Schokobecher About modoboa-amavis.W001, you must adjust your configuration.
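
As an added example (not part of the thread, and not modoboa's or Django's own code), the code below restates in simplified form the conditions behind the three security warnings quoted above and evaluates them over a constructed "before" and "after" settings dict. The `deploy_warnings` helper and both dicts are hypothetical; the setting and middleware names are the ones Django uses in the warning text.

```python
# Added illustration: simplified re-statement of three Django deploy checks.
# Django's real checks have extra conditions (e.g. CSRF_USE_SESSIONS for W016).
SECURITY_MW = "django.middleware.security.SecurityMiddleware"
SESSION_MW = "django.contrib.sessions.middleware.SessionMiddleware"
CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"


def deploy_warnings(settings):
    """Return which of the thread's warning IDs apply to a settings dict."""
    middleware = settings.get("MIDDLEWARE", [])
    apps = settings.get("INSTALLED_APPS", [])
    found = []
    # W001: the SECURE_* settings are only read by SecurityMiddleware.
    if SECURITY_MW not in middleware:
        found.append("security.W001")
    # W012: sessions are in use, but the cookie lacks the Secure attribute.
    if (SESSION_MW in middleware and "django.contrib.sessions" in apps
            and settings.get("SESSION_COOKIE_SECURE") is not True):
        found.append("security.W012")
    # W016: CSRF middleware is active, but the token cookie lacks Secure.
    if CSRF_MW in middleware and settings.get("CSRF_COOKIE_SECURE") is not True:
        found.append("security.W016")
    return found


# Constructed "before" settings (not modoboa's real settings.py).
BEFORE = {
    "INSTALLED_APPS": ["django.contrib.sessions"],
    "MIDDLEWARE": [SESSION_MW, CSRF_MW],
}

# "After": the settings named in the warnings, for an HTTPS-only site.
AFTER = dict(
    BEFORE,
    MIDDLEWARE=[SECURITY_MW] + BEFORE["MIDDLEWARE"],
    SESSION_COOKIE_SECURE=True,        # session cookie sent over HTTPS only
    CSRF_COOKIE_SECURE=True,           # same for the CSRF token cookie
    SECURE_CONTENT_TYPE_NOSNIFF=True,  # takes effect once SecurityMiddleware is present
)

if __name__ == "__main__":
    print("before:", deploy_warnings(BEFORE))
    print("after: ", deploy_warnings(AFTER))
```

Browsers do not send cookies marked Secure over plain HTTP, so the two cookie settings belong only on an instance that is served over HTTPS.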
