[Dovecot] v1.2.11 released

Stephan Bosch stephan at rename-it.nl
Wed Mar 10 11:22:42 EET 2010

Timo Sirainen wrote:
> http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz
> http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz.sig
> mbox users really should upgrade, because by sending a message with a
> huge header you could basically cause a DoS (this problem exists only
> with v1.2.x, not with v1.0 or v1.1).
> 	- mbox: Message header reading was unnecessarily slow. Fetching a
> 	  huge header could have resulted in Dovecot eating a lot of CPU.
> 	  Also searching messages was much slower than necessary.
> 	- mbox, dbox, cydir: Mail root directory was created with 0770
> 	  permissions, instead of 0700.
> 	- maildir: Reading uidlist could have ended up in an infinite loop.
> 	- IMAP IDLE: v1.2.7+ caused extra load by checking changes every
> 	  0.5 seconds after a change had occurred in mailbox

I have a paper deadline this Friday, so a new release of Pigeonhole will 
be delayed until this weekend.



More information about the dovecot mailing list