Cyrus 2.4.12 Released
Bron Gondwana
brong at fastmail.fm
Tue Oct 4 16:32:29 EDT 2011
We are pleased to announce the release of Cyrus IMAPd 2.4.12.
This is a security update to the 2.4.x series, containing
a fix to Secunia SA46093. Stefan Cornelius from Secunia
Research discovered that anonymous users can appear to be
authenticated as any useri to nttpd - by just failing to
send any PASS command.
Despite the security issue forcing this release, it's
wonderful to see how many different authors are represented.
Not only the regular contributions from Bron, Greg and Ken,
but lots of bugs reported through bugzilla along with patches.
We strongly recommend that all users of the stable series upgrade
to 2.4.12, or at least apply the patch here:
http://git.cyrusimap.org/cyrus-imapd/patch/?id=77903669e04c9788460561dd0560b9c916519594
You can download via HTTP or FTP:
http://cyrusimap.org/releases/cyrus-imapd-2.4.12.tar.gz
ftp://ftp.cyrusimap.org/cyrus-imapd/cyrus-imapd-2.4.12.tar.gz
The list of reported bugs fixed can be found here:
http://cyrusimap.org/mediawiki/index.php/Bugs_Resolved_in_2.4.12
(or check the changelog for the ones that were actually FIXED in
this release rather than closed as no-longer-present)
If you want extreme detail of all changes made, check git:
http://git.cyrusimap.org/cyrus-imapd/log/?id=cyrus-imapd-2.4.12
Regards,
Bron.
More information about the Cyrus-devel
mailing list