v2.2.28 released
Aki Tuomi
aki.tuomi at dovecot.fi
Tue Mar 7 09:08:54 UTC 2017
On 07.03.2017 10:52, Nagy, Attila wrote:
> On 03/06/2017 11:30 PM, Timo Sirainen wrote:
>> On 6 Mar 2017, at 9.17, Tom Sommer <mail at tomsommer.dk> wrote:
>>>
>>> On 2017-02-24 14:34, Timo Sirainen wrote:
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig
>>> Are there any plans to do a bugfix-release, that includes the few
>>> issues seen in the mailing-list, or do you consider 2.2.28 safe to
>>> upgrade to?
>> I don't see anything critical. A couple of bugs that might or might
>> not affect you. We'll have 2.2.29 soon enough, so no plans for other
>> releases before that.
> Truncating passwords with dict protocol* seems quite critical to me. :-O
> Or is it just me, who's affected by that?
>
> *: http://dovecot.org/list/dovecot/2017-February/107265.html
Hi!
The password is not actually truncated, it's actually subjected to
var_expand, which is silly. We are working on a patch for this and let
y'all know when it's ready. The only truncation happens with % as last
character.
Aki
More information about the dovecot
mailing list