chore(deps): update drakkan/sftpgo docker tag to v2.6.0

[renovate]

This PR contains the following updates:

Package	Update	Change
drakkan/sftpgo	minor	v2.5.6-alpine -> v2.6.0-alpine

---

Release Notes

drakkan/sftpgo (drakkan/sftpgo)

v2.6.0

Compare Source

New features

• Rewritten WebClient and WebAdmin UIs: we hope you find these new user interfaces more modern and easier to use. They also include a dark mode. Thank you to KeenThemes for granting us a custom license to use their amazing Mega Bundle for the new SFTPGo UIs.
• Documentation moved to sftpgo.github.io. The documentation source has been moved to this repository.
• Notifier plugin: add login succeeded events.
• Add time-based access restrictions.
• EventManager: allow to disable or delete inactive users.
• WebAdmin: allow to require password change and two-factor authentication also for admins.
• WebUIs: add experimental support for internazionalization.
• HTTP, WebDAV: allow to enable HTTP/2.
• Several bug fixes, minor features and performance improvements.

Features added to golang/x/crypto/ssh

This version benefits from some features I added to golang/x/crypto/ssh.

• Expose negotiated algorithms so that they can be logged.
• Add server side multi-step authentication. We were using an out of tree patch in previous versions.
• Add server side support for Diffie Hellman Group Exchange KEX. We were using an out of tree patch in previous versions.
• Allow to restrict allowed algorithms for public key authentication.

My work on golang/x/crypto/ssh is funded by @​FiloSottile's clients. Thank you!!!

File transfer errors

Some errors for failed file transfers may reveal more information than necessary such as the actual filesystem path.
These errors are now filtered and the filesystem path is replaced with the virtual path.

Thanks to @​nezzzumi for reporting this issue.

Backward incompatible changes

• The configuration file changed in a backward incompatible way. If you are modifying the configuration file instead of setting your customization via environment variables, make sure to adapt it to the new version.
• Removed support for the metadata plugin because it is very slow and memory intensive with folders containing millions of files. We will look to add metadata support again in the future, in a smarter way, if companies using SFTPGo are interested enough to fund this work.
• Data retention: removed ignore_user_permissions. This is the default now.
• RSA certificates/keys less than 2048 bits are no longer accepted.
• SSH: removed moduli files. Diffie Hellman Group Exchange KEX is now built-in. No external moduli files are required.
• Environment variables passed to plugins must respect a name convention: if the plugin name is named, for example, sftpgo-plugin-eventsearch only environment variables starting with SFTPGO_PLUGIN_EVENTSEARCH_ will be made available to the plugin.
• Removed support for diffie-hellman-group18-sha512 KEX because our previous implementation was too slow to be useful.

Contributions

We now require to agree to our Contributor License Agreement to accept contributions.
The CLA is based on a standard Apache ICLA.
Agreeing to the CLA explicitly states that you are entitled to provide a contribution and that you cannot withdraw permission to use your contribution at a later date. This removes any ambiguities or uncertainties.

Some past contributors did not respond to our request to sign the CLA or were unable to sign it, so we have rewritten or removed their contributions. The following (minor) features have been removed:

• redirecting output from external programs in SFTPGo logs.
• robots.txt endpoint.
• reading data provider username and password from file. This feature was never included in a stable release.
• support for having a different folder prefix for SFTP and FTP. The same can be achieved using a pre-login hook.

[!NOTE]
Clarified licensing and compliance.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[f2c-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment