v2.2.30 released

FUSTE Emmanuel emmanuel.fuste at thalesgroup.com
Wed May 31 16:32:03 EEST 2017


On 30/05/2017 at 20:16, Timo Sirainen wrote:
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
>   * auth: Use timing safe comparisons for everything related to
>     passwords. It's unlikely that these could have been used for
>     practical attacks, especially because Dovecot delays and flushes all
>     failed authentications in 2 second intervals. Also it could have
>     worked only when passwords were stored in plaintext in the passdb.
>   * master process sends SIGQUIT to all running children at shutdown,
>     which instructs them to close all the socket listeners immediately.
>     This way restarting Dovecot should no longer fail due to some
>     processes keeping the listeners open for a long time.
>
>   + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>   + auth: Add passdb { username_filter } to use passdb only if user
>     matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
Shouldn't the wiki be corrected?
We have:
mechanisms: Skip, if non-empty and the current auth mechanism is listed 
here.

but the intended meaning is:
mechanisms: Skip, if non-empty and the current auth mechanism is not 
listed here.

Isn't it?

Emmanuel.
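
The first item in the quoted release notes concerns timing-safe comparison of passwords. The following is an added example, not part of the original message and not Dovecot's own code: it contrasts an early-exit comparison with a timing-safe one by counting the bytes each examines. The function names and the stored password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison (typical memcmp()/strcmp() behaviour). *examined
 * records how many bytes were looked at, standing in for running time. */
static int leaky_equals(const unsigned char *a, const unsigned char *b,
                        size_t len, size_t *examined)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;   /* stops at the first mismatch */
            return 0;
        }
    }
    *examined = len;
    return 1;
}

/* Timing-safe comparison: always touches all len bytes and ORs the
 * differences together, so the work is independent of the mismatch position. */
static int timing_safe_equals(const unsigned char *a, const unsigned char *b,
                              size_t len, size_t *examined)
{
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    *examined = len;
    return diff == 0;
}

/* Compare a guess (zero-padded/truncated to 8 bytes) with a constructed
 * plaintext password and return the number of bytes examined. */
static size_t work_for_guess(const char *guess, int safe)
{
    static const char stored[] = "s3cretpw";   /* constructed sample value */
    unsigned char buf[sizeof(stored) - 1] = {0};
    size_t n = strlen(guess), examined = 0;
    memcpy(buf, guess, n < sizeof(buf) ? n : sizeof(buf));
    if (safe)
        timing_safe_equals(buf, (const unsigned char *)stored, sizeof(buf), &examined);
    else
        leaky_equals(buf, (const unsigned char *)stored, sizeof(buf), &examined);
    return examined;
}

int main(void)
{
    const char *guesses[] = { "xxxxxxxx", "s3xxxxxx", "s3crxxxx", "s3cretpw" };
    for (size_t i = 0; i < 4; i++)
        printf("%-8s leaky=%zu safe=%zu\n", guesses[i],
               work_for_guess(guesses[i], 0), work_for_guess(guesses[i], 1));
    return 0;
}
```

The early-exit version does more work the longer the correct prefix of the guess is, while the timing-safe version always examines all 8 bytes.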

