<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Thank you!<br>
    </p>
    <div class="moz-cite-prefix">On 2/5/2019 8:43 AM, Aki Tuomi wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:570629184.1501.1549381414356@appsuite-dev-gw1.open-xchange.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <meta charset="UTF-8">
      <div> Hi, </div>
      <div> <br>
      </div>
      <div> as per our EOL statement 2.2.36 receives security and
        critical updates. That said, we decided to flush few annoying
        bugs with .1 release. </div>
      <div> <br>
      </div>
      <div> You do not need to build releases for 2.2. </div>
      <div> <br>
      </div>
      <div> Aki </div>
      <blockquote type="cite">
        <div> On 05 February 2019 at 17:36 Eric Broch < <a
            href="mailto:ebroch@whitehorsetc.com" moz-do-not-send="true">ebroch@whitehorsetc.com</a>>
          wrote: </div>
        <div> <br>
        </div>
        <div> <br>
        </div>
        <div> Aki, </div>
        <div> <br>
        </div>
        <div> What's the difference between 2.2.x and 2.3.x version of
          Dovecot? And </div>
        <div> why do you maintain both? </div>
        <div> <br>
        </div>
        <div> I stopped building RPM's of the 2.2.x version and now only
          build 2.3.x. </div>
        <div> Should I be maintaining both? </div>
        <div> <br>
        </div>
        <div> Eric </div>
        <div> <br>
        </div>
        <div> On 2/5/2019 6:01 AM, Aki Tuomi wrote: </div>
        <blockquote type="cite">
          <div> <a
              href="https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz"
              rel="noopener" target="_blank" moz-do-not-send="true">https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz</a>
          </div>
          <div> <a
              href="https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig"
              rel="noopener" target="_blank" moz-do-not-send="true">https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig</a>
          </div>
        </blockquote>
        <blockquote type="cite">
          <div>     * CVE-2019-3814: If imap/pop3/managesieve/submission
            client has </div>
          <div>       trusted certificate with missing username field </div>
          <div>       (ssl_cert_username_field), under some
            configurations Dovecot </div>
          <div>       mistakenly trusts the username provided via
            authentication instead </div>
          <div>       of failing. </div>
          <div>     * ssl_cert_username_field setting was ignored with
            external SMTP AUTH, </div>
          <div>       because none of the MTAs (Postfix, Exim) currently
            send the </div>
          <div>       cert_username field. This may have allowed users
            with trusted </div>
          <div>       certificate to specify any username in the
            authentication. This bug </div>
          <div>       didn't affect Dovecot's Submission service. </div>
        </blockquote>
        <blockquote type="cite">
          <div>     - pop3_no_flag_updates=no: Don't expunge RETRed
            messages without QUIT </div>
          <div>     - director: Kicking a user assert-crashes if login
            process is very slow </div>
          <div>     - lda/lmtp: Fix assert-crash with some Sieve scripts
            when </div>
          <div>      
            mail_attachment_detection_options=add-flags-on-save </div>
          <div>     - fs-compress: Using maybe-gz assert-crashed when
            reading 0 sized file </div>
          <div>     - Snippet generation crashed with invalid
            Content-Type:multipart </div>
        </blockquote>
        <div> > </div>
        <blockquote type="cite">
          <div> --- </div>
        </blockquote>
        <blockquote type="cite">
          <div> Aki Tuomi </div>
          <div> Open-Xchange Oy </div>
        </blockquote>
        <div> > </div>
        <div> -- </div>
        <div> Eric Broch </div>
        <div> White Horse Technical Consulting (WHTC) </div>
      </blockquote>
      <div> <br>
      </div>
      <div class="io-ox-signature"> --- <br>
        Aki Tuomi </div>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Eric Broch
White Horse Technical Consulting (WHTC)
</pre>
  </body>
</html>