On 07.03.2017 10:52, Nagy, Attila wrote:
On 03/06/2017 11:30 PM, Timo Sirainen wrote:
On 6 Mar 2017, at 9.17, Tom Sommer mail@tomsommer.dk wrote:
On 2017-02-24 14:34, Timo Sirainen wrote:
http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig Are there any plans to do a bugfix-release, that includes the few issues seen in the mailing-list, or do you consider 2.2.28 safe to upgrade to?
I don't see anything critical. A couple of bugs that might or might not affect you. We'll have 2.2.29 soon enough, so no plans for other releases before that. Truncating passwords with dict protocol* seems quite critical to me. :-O Or is it just me, who's affected by that?
*: http://dovecot.org/list/dovecot/2017-February/107265.html
Hi!
The password is not actually truncated, it's actually subjected to var_expand, which is silly. We are working on a patch for this and let y'all know when it's ready. The only truncation happens with % as last character.
Aki