Commit Graph

6 Commits

Author SHA1 Message Date
Michal Hlavinka
f838a05fb9 dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client.
Add TSLv1.3 support to min_protocols.
Allow configuring ssl_cipher_suites. (for TLSv1.3+)
2021-06-21 23:25:54 +02:00
Michal Hlavinka
88a20bf4a4 dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 2018-03-01 14:04:22 +01:00
Michal Hlavinka
8c9abbf261 dovecot updated to 2.2.22
- auth: Auth caching was done too aggressively when %variables were
  used in default_fields, override_fields or LDAP pass/user_attrs.
  userdb result_* were also ignored when user was found from cache.
- imap: Fixed various assert-crashes caused v2.2.20+. Some of them
  caught actual hangs or otherwise unwanted behavior towards IMAP
  clients.
- Expunges were forgotten in some situations, for example when
  pipelining multiple IMAP MOVE commands.
- quota: Per-namespaces quota were broken for dict and count backends
  in v2.2.20+
- fts-solr: Search queries were using OR instead of AND as the
  separator for multi-token search queries in v2.2.20+.
- Single instance storage support wasn't really working in v2.2.16+
- dbox: POP3 message ordering wasn't working correctly.
- virtual plugin: Fixed crashes related to backend mailbox deletions.
2016-03-16 13:58:24 +01:00
Michal Hlavinka
7e0f121e5e dovecot updated to 2.2.19
- mdbox: Rebuilding could have caused message's reference count to
  overflow the 16bit number in some situations, causing problems when
  trying to expunge the duplicates.
- Various search fixes (fts, solr, tika, lib-charset, indexer)
- Various virtual plugin fixes
- Various fixes and optimizations to dsync, imapc and pop3-migration
- imap: Various RFC compliancy and crash fixes to NOTIFY
- pigeonhole updated to 0.4.9
- ManageSieve: Fixed an assert failure occurring when a client
  disconnects during the GETSCRIPT command.
- doveadm sieve plugin: Fixed incorrect initialization (mem leaks) of mail user.
- sieve-filter command line tool: Fixed handling of failure-related
  implicit keep when there is an explicit default destination folder.
- lib-sieve: Fixed bug in RFC5322 header folding.
2015-10-05 13:02:53 +02:00
Michal Hlavinka
ad771a9d2a major update to dovecot 2.2 RC2 2013-02-27 13:06:12 +01:00
Michal Hlavinka
238b8d2f24 fix network still not ready race condition (#871623) 2012-11-08 17:26:53 +01:00