Support
Upgrade Dovecot from 1.0.10 to 1.0.13
Today our support team upgrade Dovecot from 1.0.10 to 1.0.13, this version has many change as follow:
- mail_extra_groups setting was commonly used insecurely. This setting is now deprecated. Most users should switch to using mail_privileged_group setting, but if you really need the old functionality use mail_access_groups instead.
- mbox: Dropped some of the physical size fetch optimizations added in v1.0.8. This makes some commands slower, but should fix the rest of the problems.
- IMAP: SEARCH BEFORE/ON/SINCE didn't handle timezones correctly.
- ldap: auth_bind was doing lookups using subtree scope instead of the scope specified in config file.
- zlib plugin crashfixes by Richard Platel
- master passdbs: pass=yes setting was broken with blocking passdbs (e.g. MySQL)
- Using mail_privileged_group with dotlock_use_excl=no worked, but it logged "access denied" errors.
- Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd and shadow if blocking=yes) where user could specify extra fields in the password. The main problem here is when specifying "skip_password_check" introduced in v1.0.11 for fixing master user logins, allowing the user to log in as anyone without a valid password.
- mail_privileged_group was broken in some systems (OS X, Solaris?)
- IMAP THREAD: Fixed some correctness problems
Created on 2008.03.26
