[Dovecot-news] Dovecot v2.3.14 released

Aki Tuomi aki.tuomi at dovecot.fi
Thu Mar 4 12:21:48 EET 2021 

Hi!

We are pleased to release v2.3.14 of Dovecot.

IMPORTANT NOTE:

We have removed some components from the software, please review changelogs carefully prior upgrading.

Please find source tarballs at
https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz.sig

Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot

Aki Tuomi
Open-Xchange oy

---

* Added new aliases for some variables. Usage of the old ones is possible,
  but discouraged. (These were partially added already to v2.3.13.)
  See https://doc.dovecot.org/configuration_manual/config_file/config_variables/
  for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at
  the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP
  environment variable is not set. Timestamp format is taken from
  log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names
  may be slightly different from before in some situations. This is
  unlikely to cause issues, although caching clients may redownload the
  folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder
  names if necessary. This also means that if there are any '~'
  characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on
  filesystem a bit differently. This affects only if there are folder
  names that actually require escaping, which isn't so common. The old
  style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If
  enabled, "/private", and "/shared" metadata prefixes will be prepended
  to the keys in the list output.
+ doveconf: Support environment variables in config files. See
  https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables
  for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker
  after each request. This allows service indexer-worker's service_count &
  idle_kill settings to work. These can be used to restart indexer-worker
  processes once in a while to reduce their memory usage.
- auth: "nodelay" with various authentication mechanisms such as apop
  and digest-md5 crashed AUTH process if authentication failed.
- auth: Auth lua script generating an error triggered an assertion
  failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify):
  assertion failed: (lua_gettop(script->L) == 0).
- configure: Fix libunwind detection to work on other than x86_64 systems.
- doveadm-server: Process could crash if logging was done outside command
  handling. For example http-client could have done debug logging
  afterwards, resulting in either segfault or Panic:
  file http-client.c: line 642 (http_client_context_close):
  assertion failed: (cctx->clients_list == NULL).
- dsync: Folder name escaping with BROKENCHAR didn't work completely
  correctly. This especially caused problems with dsync-migrations using
  imapc where some of the remote folder names may not have been accessible.
- dsync: doveadm sync + imapc doesn't always sync all mails when doing
  an incremental sync (-1), which could lead to mail loss when it's used
  for migration. This happens only when GUIDs aren't used (i.e.
  imapc without imapc_features=guid-forced).
- fts-tika: When tika server returns error, some mails cause Panic:
  file message-parser.c: line 802 (message_parser_deinit_from_parts):
  assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have
  resulted in crashes. This exposed that Dovecot was wrongly accepting
  atoms in "nstring" handling. Changed the IMAP parsing to be more
  strict about this now.
- lib-index: If dovecot.index.cache has corrupted message size, fetching
  BODY/BODYSTRUCTURE may cause assert-crash:
  Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish):
  assertion failed: (mail->data.parts != NULL).
- lib-index: Minor error handling and race condition fixes related to
  rotating dovecot.index.log. These didn't usually cause problems,
  unless the log files were rotated rapidly.
- lib-lua: Lua scripts using coroutines or lua libraries using coroutines
  (e.g., cqueues) panicked.
- Message PREVIEW handled whitespace wrong so first space would get
  eaten from between words.
- FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
  was written in a way that may have caused confusion for IMAP clients
  and also Dovecot itself when parsing it. The truncated part is now
  written out using application/octet-stream MIME type.
- lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to
  use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed:
  (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
- event filters: NOT keyword did not have the correct associativity.
  NOT a AND b were getting parsed as NOT (a AND b) instead of
  (NOT a) AND b.
- Ignore ECONNRESET when closing socket. This avoids logging useless
  errors on systems like FreeBSD.
- event filters: event filter syntax error may lead to Panic:
  file event-filter.c: line 137 (event_filter_parse): assertion failed:
  (state.output == NULL)
- lib: timeval_cmp_margin() was broken on 32-bit systems. This could
  potentially have caused HTTP timeouts to be handled incorrectly.
- log: instance_name wasn't used as syslog ident by the log process.
- master: After a service reached process_limit and client_limit, it
  could have taken up to 1 second to realize that more client connections
  became available. During this time client connections could have been
  unnecessarily rejected and a warning logged:
  Warning: service(...): process_limit (...) reached, client connections are being dropped
- stats: Crash would occur when generating openmetrics data for metrics
  using aggregating functions.
- stats: Event filters comparing against empty strings crash the stats
  process.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20210304/62c49dde/attachment.sig>

More information about the Dovecot-news mailing list