similar to: Dovecot v2.3.14.1 released

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22

Hi everybody. I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) *

Hi everybody. I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) *

We are pleased to release first release candidate for v2.3.14. We have done changes to packaging so please give us any feedback on how it works. https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images are not available for this release candidate. Kind regards, Aki

We are pleased to release first release candidate for v2.3.14. We have done changes to packaging so please give us any feedback on how it works. https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images are not available for this release candidate. Kind regards, Aki

Hi! We are pleased to release v2.3.14 of Dovecot. IMPORTANT NOTE: We have removed some components from the software, please review changelogs carefully prior upgrading. Please find source tarballs at https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in

Hi! We are pleased to release v2.3.14 of Dovecot. IMPORTANT NOTE: We have removed some components from the software, please review changelogs carefully prior upgrading. Please find source tarballs at https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

First let me thank you for my initial newby question about poping from a pop3 server and delivering into my Dovecot maildir folders. Now I'm getting an assertion in imap-bodystructure.c and one of my imap folders is now inaccessable. I think the two are related. Whenever I select the folder from my email client (kmail) I get two log entries in the dovecot log of the format:

Hello, I have configure dovecot with solr and I wanted to let solr index content of attachments. For testing I have used biabam command line tool to generate emails with attachments. I have found that dovecot with fts_decoder incorrectly decodes these attachments from biabam and therefore pdftotext has reported corrupted PDF. The problem is that biabam generates header with charset=binary

I want my helpers to generate paths using a superclass instead of the subclasses. Assuming I have Owner and Member that both inherit from User, rails will use the current objects class name when generating paths: Let''s say current_user is a mod: <%= link_to current_user.name, current_user %> will generate "/mod/:id". I want to force it to generate

Hi all! We are pleased to release v2.3.18 of Dovecot. Debian/Stretch support has now been dropped. CentOS 8 packages have been replaced with RedHat Enterprise Linux 8 packages. These should be compatible with all the various variants. https://dovecot.org/releases/2.3/dovecot-2.3.18.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.18.tar.gz.sig Binary packages in https://repo.dovecot.org/

Hi all! We are pleased to release v2.3.18 of Dovecot. Debian/Stretch support has now been dropped. CentOS 8 packages have been replaced with RedHat Enterprise Linux 8 packages. These should be compatible with all the various variants. https://dovecot.org/releases/2.3/dovecot-2.3.18.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.18.tar.gz.sig Binary packages in https://repo.dovecot.org/

Hi all, The new release starts on PowerPC now. On to the next problem... :-) When accessing my folders through Pine (setup to always go through IMAP, even local mboxes) I get "kicked out" it seems, pretty often. Here's what shows in the logfile: imap(jonas): file imap-bodystructure.c: line 342 (part_write_body): assertion failed: (part->children->next == NULL) - Jonas --

We have an imap-client (SOGo) that doesn't handle this status output while searching: * OK Searched 76% of the mailbox, ETA 0:50 Is there any way to disable this output on the dovecot-side? -jf

Hi, Pigeonhole release for Dovecot v2.3.15. One thing we noticed a bit before release is that if you're using imap_sieve_filter plugin, the IMAP FILTER command may trigger the new excessive resource usage check since it can be processing many messages rapidly. You may want to prevent this with protocol imap { sieve_max_cpu_time=0 }

Hi, Pigeonhole release for Dovecot v2.3.15. One thing we noticed a bit before release is that if you're using imap_sieve_filter plugin, the IMAP FILTER command may trigger the new excessive resource usage check since it can be processing many messages rapidly. You may want to prevent this with protocol imap { sieve_max_cpu_time=0 }

Hi All! I am working on a complete migration from an old solaris machine running Cyrus IMAP v2.3.14 and wish to migrate all users to a new ubuntu vm running Dovecot 2.0.19. What I have so far is a fully functional dovecot installation with LDAP / Dovecot SASL auth using Maildir++. My plan is to use Perdition IMAP proxy on a third host and migrate users a few at a time (see attached picture of