Cyrus 2.4.12 Released

Bron Gondwana brong at
Tue Oct 4 16:32:29 EDT 2011

We are pleased to announce the release of Cyrus IMAPd 2.4.12.

This is a security update to the 2.4.x series, containing
a fix to Secunia SA46093.  Stefan Cornelius from Secunia
Research discovered that anonymous users can appear to be
authenticated as any useri to nttpd - by just failing to
send any PASS command.

Despite the security issue forcing this release, it's
wonderful to see how many different authors are represented.
Not only the regular contributions from Bron, Greg and Ken,
but lots of bugs reported through bugzilla along with patches.

We strongly recommend that all users of the stable series upgrade
to 2.4.12, or at least apply the patch here:

You can download via HTTP or FTP:

The list of reported bugs fixed can be found here:

(or check the changelog for the ones that were actually FIXED in
 this release rather than closed as no-longer-present)

If you want extreme detail of all changes made, check git:



More information about the Cyrus-devel mailing list