Dovecot v2.2.36.1 released (Pigeonhole 0.4.24.1)

Stephan Bosch stephan at rename-it.nl
Tue Feb 5 20:07:12 EET 2019 

Hi,

Here is the associated release for Pigeonhole:

https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig
Binary packages included in https://repo.dovecot.org/

     + imapsieve: Added imapsieve_expunge_discarded setting which causes
       discarded messages to be expunged immediately.
     - Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that
       modify the message, store the message a second time, rather than
       replacing the originally stored unmodified message.
     - imapsieve: Fix crash when COPYing mails from a virtual mailbox when
       the source messages originate from more than a single real mailbox
     - imap_filter_sieve plugin: Implement the missing UID FILTER command.
     - imap_filter_sieve plugin: Fix FILTER to work with pipelining


Regards,

Stephan.

Op 5-2-2019 om 14:01 schreef Aki Tuomi:
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
>
>      * CVE-2019-3814: If imap/pop3/managesieve/submission client has
>        trusted certificate with missing username field
>        (ssl_cert_username_field), under some configurations Dovecot
>        mistakenly trusts the username provided via authentication instead
>        of failing.
>      * ssl_cert_username_field setting was ignored with external SMTP AUTH,
>        because none of the MTAs (Postfix, Exim) currently send the
>        cert_username field. This may have allowed users with trusted
>        certificate to specify any username in the authentication. This bug
>        didn't affect Dovecot's Submission service.
>
>      - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
>      - director: Kicking a user assert-crashes if login process is very slow
>      - lda/lmtp: Fix assert-crash with some Sieve scripts when
>        mail_attachment_detection_options=add-flags-on-save
>      - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
>      - Snippet generation crashed with invalid Content-Type:multipart
>
>
> ---
>
> Aki Tuomi
> Open-Xchange Oy
>
>

More information about the dovecot mailing list