Dovecot v18.104.22.168 released (Pigeonhole 0.4.24.1)
michael at michaelmarley.com
Tue Feb 5 21:27:37 EET 2019
On 2019-02-05 13:07, Stephan Bosch via dovecot wrote:
> Here is the associated release for Pigeonhole:
> Binary packages included in https://repo.dovecot.org/
> + imapsieve: Added imapsieve_expunge_discarded setting which causes
> discarded messages to be expunged immediately.
> - Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context
> modify the message, store the message a second time, rather than
> replacing the originally stored unmodified message.
> - imapsieve: Fix crash when COPYing mails from a virtual mailbox
> the source messages originate from more than a single real
> - imap_filter_sieve plugin: Implement the missing UID FILTER
> - imap_filter_sieve plugin: Fix FILTER to work with pipelining
> Op 5-2-2019 om 14:01 schreef Aki Tuomi:
>> * CVE-2019-3814: If imap/pop3/managesieve/submission client has
>> trusted certificate with missing username field
>> (ssl_cert_username_field), under some configurations Dovecot
>> mistakenly trusts the username provided via authentication
>> of failing.
>> * ssl_cert_username_field setting was ignored with external SMTP
>> because none of the MTAs (Postfix, Exim) currently send the
>> cert_username field. This may have allowed users with trusted
>> certificate to specify any username in the authentication. This
>> didn't affect Dovecot's Submission service.
>> - pop3_no_flag_updates=no: Don't expunge RETRed messages without
>> - director: Kicking a user assert-crashes if login process is
>> very slow
>> - lda/lmtp: Fix assert-crash with some Sieve scripts when
>> - fs-compress: Using maybe-gz assert-crashed when reading 0 sized
>> - Snippet generation crashed with invalid Content-Type:multipart
>> Aki Tuomi
>> Open-Xchange Oy
Is there going to be an equivalent 0.5.4.1 release with the same
functionality but for Dovecot 2.3.x?
More information about the dovecot