Cyrus IMAP 2.5.14 released

ellie timoney ellie at fastmail.com
Thu Nov 14 19:11:56 EST 2019


The Cyrus team is proud to announce the immediate availability of a new version of Cyrus IMAP: 2.5.14

This release contains a fix for CVE-2019-18928, a session hijacking vulnerability in the httpd daemon.  If you compile cyrus with HTTP support enabled, your cyrus.conf contains SERVICES entries that run the httpd daemon, and you provide a proxy frontend service that reuses connections to the backend, you will need this upgrade.

I'm trialling hosting the release files using Github's releases feature.  Please use the Github download links if possible, and advise if you have any problems!  (It may even download faster due to Github's content delivery network.)

Download URLs:

    https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-2.5.14/cyrus-imapd-2.5.14.tar.gz
    https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-2.5.14/cyrus-imapd-2.5.14.tar.gz.sig

    https://www.cyrusimap.org/releases/cyrus-imapd-2.5.14.tar.gz
    https://www.cyrusimap.org/releases/cyrus-imapd-2.5.14.tar.gz.sig

Please consult the release notes before upgrading to 2.5.14:

    https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html

And join us on Github at https://github.com/cyrusimap/cyrus-imapd to report issues, join in the deliberations of new features for the next Cyrus IMAP release, and to contribute to the documentation.

On behalf of the Cyrus team,

Kind regards,

ellie timoney


More information about the Cyrus-announce mailing list