similar to: CVE-2021-29157: oauth2 JWT local validation path traversal

Displaying 20 results from an estimated 700 matches similar to: "CVE-2021-29157: oauth2 JWT local validation path traversal"

2021 Jun 21
2
Dovecot v2.3.14.1 released
Hi, This is an "important fixes only" release in case you don't want to upgrade to v2.3.15. There is no matching Pigeonhole release - use the same v2.3.14 instead. https://dovecot.org/releases/2.3/dovecot-2.3.14.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.14.1.tar.gz.sig
2023 Mar 01
0
OAuth2: local validation with RFC9068 tokens
Hello, my IdP is kind of progressive and implemented RFC9068, where all access tokens now come with typ "at+JWT". Since the setup has used local validation, I had to switch and currently use introspection endpoint. Looked around at the src and there seems to be relatively simple check of the token typ checking the only fixed value of "JWT" -- do you think you could consider
2020 Aug 12
0
Dovecot v2.3.11.3 released
We are pleased to release v2.3.11.3. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-12100: Parsing mails with a large number of MIME parts could
2007 Mar 31
1
Problem with S4 inheritance: unexpected re-initialization?
Dear all, To explain my problem I am attaching a demonstration package "myclasspkg": I have the following two S4 classes with similar inheritance: SubSubClassA <- SubClassB <- BaseClass SubSubClassB <- SubClassB <- BaseClass In R I am calling the following functions: > library(myclasspkg) > subA <-
2008 Apr 10
2
variable containing name of current module?
Does puppet export a variable containing the name of the module currently being processed? That is, if I'm reading the file "modules/ntp/manifests/whatever.pp", is there any puppet variable containing the string "ntp"? That's the entire question --- here's the context in case it helps: I have a wrapper function which implements a search path for
2005 Aug 31
1
tcl/tk return problem
Hello, I'm very new in working with tcl/tk in R and have a problem which will probably sound silly to most of you. Here is the code I have problems with: readcelfiles <- function() { require(tcltk) tt <- tktoplevel() tkgrid(tklabel(tt,text="Choose a directory!")) OnOK <- function() { fileDir<-tclvalue(tkchooseDirectory()) data.raw <-
2011 Mar 19
0
Problems with SSL dependent gems OAuth2 & ActiveMerchant
Hello all, My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the current Rails/Ruby distribution, both of these gems throw the following OpenSSL::SSL::SSLError when used: * SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed I did some digging, and found two
2018 May 29
1
OAUTH2 + proxying [host=??]
All, We currently use a proxy configuration with an sql query to authenticate and discover which backend server an address belongs to and proxy the connection to that host to authenticate and retrieve mail. We are looking to move to OAUTH2 for authentication and am just trying to figure out how to get that extra host information as part of the passdb query when using this mechanism. Looking at
2010 Dec 20
0
Server won't start on using authlogic-oauth2
I have included oauth2 and authlogic-oauth2 in the gemfile as I want to use them and am trying to start the server. It doesn't start and gives me the error /Library/Ruby/Gems/1.8/gems/railties-3.0.3/lib/rails.rb:44:in `configuration': undefined method `config' for nil:NilClass (NoMethodError) from
2010 Sep 17
0
ruby's oauth2 grant_type
Hi, I started using oauth2 gem by intridea (http://github.com/intridea/oauth2) and don't know how to fix this problem. I have developed both client and server and on request for access_token I see no grant_type parameter. My code from client callback controller class CallbackController < Devise::OauthCallbacksController def accounts access_token =
2020 Feb 14
0
Dovecot Proxy - Oauth2 mech add custom fields
Hi, I have a problem with configuring dovecot passdb for Oauth2 with Keycloak. A user can access more mailbox, mailboxes are associated with the user. When a user login with this method: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready. a login mailbox*user password Dovecot when requiring the grant_url send to Keycloak, for example, this post
2014 May 22
0
OAuth2 client credentials grant error UnsupportedAuthorizationScheme
Dear ALL, Anyone have come across the following error, your comments would be of great help, please suggest on this, OAuth2::Error ({"ErrorCode":" UnsupportedAuthorizationScheme","ErrorMessage":"Only 'Bearer' scheme is supported for Authorization header."})* Any help is greatly appreciated Thanks & Regards, Usha -- You received this message
2019 Dec 10
0
OAuth2 mail client
Hi all, I'm wondering if there are any IMAP client software alternative to Thunderbird who can handle OAuth2 other than using gmail, yahoo etc (ex, talk to local auth provider)? Thunderbird does not seem to support well at the time being so I'm wondering what other choices we may have for our user communities. Thank you very much. Mizuki -------------- next part -------------- An HTML
2008 Apr 23
1
pdf() and histogram() in function call
Here is a function I wrote. It runs no problem, but generate empty pdf files. I can't find what is the problem. create.pdf<- function(x, dir) { dir.create(dir, showWarnings = FALSE) plist<- c("a", "b" , "c", "d") for(j in plist) { filedir<- paste(dir, "/", j, ".pdf",
2018 Apr 08
0
[PATCH] vhost-net: set packet weight of tx polling to 2 * vq size
From: haibinzhang(???) <haibinzhang at tencent.com> Date: Fri, 6 Apr 2018 08:22:37 +0000 > handle_tx will delay rx for tens or even hundreds of milliseconds when tx busy > polling udp packets with small length(e.g. 1byte udp payload), because setting > VHOST_NET_WEIGHT takes into account only sent-bytes but no single packet length. > > Ping-Latencies shown below were tested
2018 Apr 09
0
[PATCH RESEND v2] vhost-net: set packet weight of tx polling to 2 * vq size
From: haibinzhang(???) <haibinzhang at tencent.com> Date: Mon, 9 Apr 2018 07:22:17 +0000 > handle_tx will delay rx for tens or even hundreds of milliseconds when tx busy > polling udp packets with small length(e.g. 1byte udp payload), because setting > VHOST_NET_WEIGHT takes into account only sent-bytes but no single packet length. > > Ping-Latencies shown below were tested
2020 Feb 12
0
CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes
Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3744 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: submission-login, lmtp Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: