10 Apr 2017, 10:38 p.m.
https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz.sig
- passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (CVE-2017-2669)
- When Dovecot encounters an internal error, it logs the real error and usually logs another line saying what function failed. Previously the second log line's error message was a rather uninformative "Internal error occurred. Refer to server log for more information." Now the real error message is duplicated in this second log line.
- lmtp: If a delivery has multiple recipients, run autoexpunging only for the last recipient. This avoids a problem where a long autoexpunge run causes the LMTP client to time out between the DATA replies, resulting in duplicate mail deliveries.
- config: Don't stop the process due to idling. Otherwise the configuration is reloaded when the process restarts.
- mail_log plugin: Differentiate autoexpunges from regular expunges
- imapc: Use LOGOUT to cleanly disconnect from server.
- lib-http: Internal status codes (>9000) are no longer visible in logs
- director: Log vhost count changes and HOST-UP/DOWN
- quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
- imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary.
- imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
- imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
- Added %{encrypt} and %{decrypt} variables
- imap/pop3 proxy: Log proxy state in errors as human-readable string.
- imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
- imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
- passdb imap: Use ssl_client_ca_* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
- trash plugin was broken in 2.2.28
- auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren't always synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
- doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
- ACLs weren't applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren't working correctly.
- doveadm director status <user>: "Initial config" was always empty
- imapc: Various reconnection fixes.
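
The double-expansion bug class behind the CVE-2017-2669 entry above, as an added example that is not Dovecot's code: a simplified model of %variable expansion showing why a second pass over an already-expanded key lets text from the username be interpreted as variables. The key template, the variable table and the helper names are constructed for illustration.

```python
import re

# Simplified model of %variable expansion; NOT Dovecot's var_expand().
_VAR = re.compile(r"%(?:\{(\w+)\}|(\w))")


def expand(template, table):
    """One pass: replace %x / %{name} from table; unknown names become ''."""
    # Substituted values are inserted literally and never rescanned.
    return _VAR.sub(lambda m: table.get(m.group(1) or m.group(2), ""), template)


def dict_key_double(key_template, username, variables):
    """'Before' behaviour: the expanded key is expanded a second time."""
    table = {"u": username, **variables}
    once = expand(key_template, table)
    return expand(once, table)  # client-supplied text is now parsed as a template


def dict_key_single(key_template, username, variables):
    """'After' behaviour: one pass, the username stays opaque data."""
    return expand(key_template, {"u": username, **variables})


def username_has_variables(username):
    """Check usable for input validation or for flagging auth log entries."""
    return _VAR.search(username) is not None


if __name__ == "__main__":
    template = "shared/passdb/%u"      # constructed key template
    variables = {"service": "imap"}    # constructed variable table
    for user in ("alice", "alice%{service}"):
        print(repr(user),
              "double:", dict_key_double(template, user, variables),
              "single:", dict_key_single(template, user, variables),
              "flagged:", username_has_variables(user))
```

With the double pass, the lookup key no longer matches the name the client sent, and the cost of the second expansion is controlled by the client; the single pass keeps the username as literal data.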