:tocdepth: 3

===============================
Cyrus IMAP 3.0.3 Release Notes
===============================

.. IMPORTANT::

    This is a bug-fix release in the stable 3.0 series.

    Refer to the Cyrus IMAP 3.0.0 Release Notes for important information
    about the 3.0 series, including upgrading instructions.

Download from GitHub:

    *   https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.0.3/cyrus-imapd-3.0.3.tar.gz
    *   https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.0.3/cyrus-imapd-3.0.3.tar.gz.sig

.. _relnotes-3.0.3-changes:

Changes Since 3.0.2
===================

Security fixes
--------------

An authenticated non-admin IMAP user could overwrite an arbitrary file (subject
to cyrus user permissions) with specially crafted SYNCAPPLY, SYNCGET or
SYNCRESTORE commands.

This issue was introduced with commit
`152f59c <https://github.com/cyrusimap/cyrus-imapd/commit/152f59c608232711f9c58821ac245617544c1b91>`_
and affects all releases in the 3.0 series prior to 3.0.3.  Versions 2.5 and
earlier are not affected.

It is fixed by commits
`53c4137 <https://github.com/cyrusimap/cyrus-imapd/commit/53c4137bd924b954432c6c59da7572c4c5ffa901>`_
and
`5edadcf <https://github.com/cyrusimap/cyrus-imapd/commit/5edadcfb83bf27107578830801817f9e6d0ad941>`_.

Other changes
-------------

* Improved JMAP support
* imapd client_id log lines now include the session id

Bug fixes
---------

* Fixed: lmtpd no longer crashes due to uninitialised quotadb
* Fixed :issue:`1434`: buffer overflow in auth_pts from too-long imapd.conf value
* Fixed :issue:`1090`: non-standard NO response to ID command
* Fixed: uninitialised buffer in ischedule
* Fixed: replication desynchronisation when only last_uid field changes
* Fixed :issue:`2076`: IMAP LIST was unnecessarily dependent on PCRE
* Fixed :issue:`1437`: buffer overflow in mupdate-client from too-long imapd.conf value
* Fixed :issue:`2080`: crash in cyrdump due to uninitialised mboxname
* Fixed: installed arrayu64.h and strarray.h no longer depend on util.h
* Fixed: backup staging files are now cleaned up on signal shutdown
* Fixed: backup no longer re-uses reserve partition as staging path

Erratum
-------

Earlier release notes from the 3.0 series stated that the default value of
the ``virtdomains`` option had changed from ``off`` to ``userid``.  This is
not the case: the default is still ``off``, and will remain so for the life
of the 3.0 series.