[Dovecot-news] Pigeonhole v0.5.15 released

Timo Sirainen timo at sirainen.com
Mon Jun 21 14:20:47 EEST 2021


Pigeonhole release for Dovecot v2.3.15.

One thing we noticed a bit before release is that if you're using imap_sieve_filter plugin, the IMAP FILTER command may trigger the new excessive resource usage check since it can be processing many messages rapidly. You may want to prevent this with protocol imap { sieve_max_cpu_time=0 }

https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.15.tar.gz <https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.15.tar.gz>
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.15.tar.gz.sig <https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.15.tar.gz.sig>

Binary packages in https://repo.dovecot.org/ <https://repo.dovecot.org/>
Docker images in https://hub.docker.com/r/dovecot/dovecot <https://hub.docker.com/r/dovecot/dovecot>

 * CVE-2020-28200: Sieve interpreter is not protected against abusive
   scripts that claim excessive resource usage. Fixed by limiting the
   user CPU time per single script execution and cumulatively over
   several script runs within a configurable timeout period. Sufficiently
   large CPU time usage is summed in the Sieve script binary and execution
   is blocked when the sum exceeds the limit within that time. The block
   is lifted when the script is updated after the resource usage times out.
 * Disconnection log messages are now more standardized across services.
   They also always now start with "Disconnected" prefix.
 - managesieve: Commands pipelined together with and just after the
   authenticate command cause these commands to be executed twice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20210621/10d6d674/attachment-0001.html>

More information about the Dovecot-news mailing list