Here is the associated release for Pigeonhole:
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.... https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.... Binary packages included in https://repo.dovecot.org/
+ imapsieve: Added imapsieve_expunge_discarded setting which causes discarded messages to be expunged immediately. - Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, store the message a second time, rather than replacing the originally stored unmodified message. - imapsieve: Fix crash when COPYing mails from a virtual mailbox when the source messages originate from more than a single real mailbox - imap_filter_sieve plugin: Implement the missing UID FILTER command. - imap_filter_sieve plugin: Fix FILTER to work with pipelining
Op 5-2-2019 om 14:01 schreef Aki Tuomi:
* CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service.
- pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT - director: Kicking a user assert-crashes if login process is very slow - lda/lmtp: Fix assert-crash with some Sieve scripts when mail_attachment_detection_options=add-flags-on-save - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file - Snippet generation crashed with invalid Content-Type:multipart
Aki Tuomi Open-Xchange Oy