Displaying 20 results from an estimated 3000 matches similar to: "OAuth2: local validation with RFC9068 tokens"
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4476 (Bug ID)
Vulnerability type: CWE-24: Path Traversal: '../filedir'
Vulnerable version: 2.3.11-2.3.14
Vulnerable component: imap, pop3, submission, managesieve
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification: 2021-03-22
2024 Feb 09
1
Authentication using federated identity
Practically speaking, most popular IAM and SSO solutions offer OIDC SAML
tokens but do not offer Kerberos tickets. OpenID Connect is a standard
which itself is based on RFC6749 (OAuth2). This provides a compelling
reason to support it in addition to Kerberos. I'll also note that OIDC
tokens are easy to validate without a bidirectional trust relationship
between the IdP and RP.
SSH
2011 Mar 19
0
Problems with SSL dependent gems OAuth2 & ActiveMerchant
Hello all,
My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and
the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the
current Rails/Ruby distribution, both of these gems throw the following
OpenSSL::SSL::SSLError when used:
* SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed
I did some digging, and found two
2020 Aug 12
0
Dovecot v2.3.11.3 released
We are pleased to release v2.3.11.3. Please find it from locations below:
https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
Aki Tuomi
Open-Xchange oy
---
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
2020 Feb 14
0
Dovecot Proxy - Oauth2 mech add custom fields
Hi,
I have a problem with configuring Dovecot passdb for OAuth2 with Keycloak.
A user can access more than one mailbox; mailboxes are associated with the user.
When a user logs in with this method:
OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready.
a login mailbox*user password
Dovecot when requiring the grant_url send to Keycloak, for example, this post
2010 Dec 20
0
Server won't start on using authlogic-oauth2
I have included oauth2 and authlogic-oauth2 in the gemfile as I want to
use them and am trying to start the server. It doesn't start and gives
me the error
/Library/Ruby/Gems/1.8/gems/railties-3.0.3/lib/rails.rb:44:in
`configuration': undefined method `config' for nil:NilClass
(NoMethodError)
from
2010 Sep 17
0
ruby's oauth2 grant_type
Hi, I started using the oauth2 gem by intridea
(http://github.com/intridea/oauth2) and don't know how to fix this
problem. I have developed both client and server, and on request for
access_token I see no grant_type parameter. My code from client callback
controller
class CallbackController < Devise::OauthCallbacksController
def accounts
access_token =
2018 May 29
1
OAUTH2 + proxying [host=??]
All,
We currently use a proxy configuration with an sql query to authenticate
and discover which backend server an address belongs to and proxy the
connection to that host to authenticate and retrieve mail. We are
looking to move to OAUTH2 for authentication and am just trying to
figure out how to get that extra host information as part of the passdb
query when using this mechanism. Looking at
2014 May 22
0
OAuth2 client credentials grant error UnsupportedAuthorizationScheme
Dear ALL,
Has anyone come across the following error? Your comments
would be of great help, please suggest on this: OAuth2::Error
({"ErrorCode":"
UnsupportedAuthorizationScheme","ErrorMessage":"Only
'Bearer' scheme is supported for Authorization header."})*
Any help is greatly appreciated
Thanks & Regards,
Usha
2019 Dec 10
0
OAuth2 mail client
Hi all,
I'm wondering if there are any IMAP client software alternatives to
Thunderbird that can handle OAuth2 other than using gmail, yahoo etc (ex,
talk to local auth provider)? Thunderbird does not seem to support well at
the time being so I'm wondering what other choices we may have for our user
communities.
Thank you very much.
Mizuki
2010 May 06
7
Facebook, authlogic, and OAuth2
Has anyone gotten started with getting the OAuth2 replacement for
Facebook Connect working with auth_logic?
I know there is an OAuth2 gem
(http://intridea.com/2010/4/22/oauth2-gem-just-in-time-for-facebook-graph?blog=company),
and I'm thinking of using that to integrate.
Anyone know when the Fb Connect API will be shut down?
2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
On Tue, Mar 7, 2023, at 3:25 AM, Rory Campbell-Lange wrote:
> On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
>> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
>> [...]
>> > ssh_config contains a Match ... exec [command to refresh the certificate].
>> > This sort of works, except that it runs the command far too
2021 Mar 04
2
Dovecot v2.3.14 released
Hi!
We are pleased to release v2.3.14 of Dovecot.
IMPORTANT NOTE:
We have removed some components from the software, please review changelogs carefully prior to upgrading.
Please find source tarballs at
https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.14.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in
2004 Apr 17
0
Your request [uid]d8f139961f729e6d6cb6e140a03b2170[/uid]
Vivendi Universal Games France provides its customers with professional, high-quality service.
We have received your request and thank you for your interest in our software.
A personalized reply will be sent to you shortly.
However, in order to reduce your waiting time, we have gathered together the most frequently requested technical information.
You can
2020 Jul 10
2
Azure Sync
> On 9 Jul 2020 at 19:26, Bernhard Dick via samba <samba at lists.samba.org> wrote:
>
> Hi,
>
>> On 02.07.2020 at 17:23, Martin Hauptmann via samba wrote:
>> Sorry if I didn't find the right manual.
>> I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in a way, AD-Users of a certain group can login
2024 Feb 09
2
Authentication using federated identity
On Thu, Feb 8, 2024 at 1:18 PM Chris Rapier <rapier at psc.edu> wrote:
>
> I know that there are some methods to use federated identities (e.g.
> OAuth2) with SSH authentication but, from what I've seen, they largely
> seem clunky and require users to interact with web browsers to get one
> time tokens. Which is sort of acceptable for occasional logins but
> doesn't
2021 Feb 17
1
Dovecot v2.3.14.rc1 released
We are pleased to release first release candidate for v2.3.14. We have done changes to packaging so please give us any feedback on how it works.
https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz
https://dovecot.org/releases/2.3/rc/dovecot-2.3.14.rc1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images are not available for this release candidate.
Kind regards,
Aki