File cyrus-imapd.changes of Package cyrus-imapd

-------------------------------------------------------------------
Tue Oct  7 07:24:41 UTC 2025 - Matthias Fehring <buschmann23@opensuse.org> - 3.12.1

- Update to version 3.12.1
  * STARTTLS changes
    The industry is deprecating STARTTLS (aka opportunistic TLS) in
    favor of implicit TLS over a dedicated port. STARTTLS is now
    disabled by default.
    Installations that need to service clients that use opportunistic
    TLS should enable the allowstarttls imapd.conf(5) option for the
    services that need it. For example, for a service configured with
    the name imap in cyrus.conf(5), set imap_allowstarttls: on to
    enable STARTTLS.
  * Security changes
    + master: tighten up pidfile/etc handling
      [gh#cyrusimap/cyrus-imapd#5477]
  * Build changes
    + safer detection of 'function nesting' support
      [gh#cyrusimap/cyrus-imapd#5439]
    + fix zoneinfo_db code for GCC 15
      [gh#cyrusimap/cyrus-imapd#5450]
  * Bug fixes
    + check jmap_max_size_request before parsing JSON
      [gh#cyrusimap/cyrus-imapd#5397]
    + recognise service-specific SASL options in
      cyr_info conf-lint [gh#cyrusimap/cyrus-imapd#5424]
    + charset.c needs stdbool.h
      [gh#cyrusimap/cyrus-imapd#5423]
    + config bitfields must be 64-bits wide
      [gh#cyrusimap/cyrus-imapd#5441]
    + fix double-free in http_admin
      [gh#cyrusimap/cyrus-imapd#5420]
    + pop3d: add basic prometheus support
      [gh#cyrusimap/cyrus-imapd#5460]
    + imtest: fix output for 'C: {0}+'
      [gh#cyrusimap/cyrus-imapd#5466]
    + config_read_file leak on fatal
      [gh#cyrusimap/cyrus-imapd#5478]
    + imapd: typo in SASL-IR capability
      [gh#cyrusimap/cyrus-imapd#5481]
    + httpd fails to parse OpenSSL version for status string
      [gh#cyrusimap/cyrus-imapd#5454]
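
Added example, not part of the original changelog or of the Cyrus code base: a small audit that resolves the effective allowstarttls setting per service after the 3.12.1 default change, using the service-name prefix described above. The sample files are constructed, and treating a service started with -s as implicit TLS is an assumption of this example.

```python
import re
import shlex

# Constructed sample files; service names and values are illustrative only.
CYRUS_CONF = """
SERVICES {
  imap  cmd="imapd"     listen="imap"  prefork=0
  imaps cmd="imapd -s"  listen="imaps" prefork=0
  pop3  cmd="pop3d"     listen="pop3"  prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
}
"""
IMAPD_CONF = """
# no global allowstarttls line: the 3.12.1 default (off) applies
imap_allowstarttls: on
sieve_allowstarttls: off
"""
TRUE_WORDS = {"on", "yes", "true", "1", "t"}  # spellings this example accepts

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def services(text):
    """Return {service name: argv list} for entries inside SERVICES { ... }."""
    block = re.search(r"SERVICES\s*\{(.*?)\}", text, re.S)
    found = {}
    for line in (block.group(1) if block else "").splitlines():
        m = re.match(r'\s*(\S+)\s+.*?cmd="([^"]*)"', line)
        if m:
            found[m.group(1)] = shlex.split(m.group(2))
    return found

def starttls_report(cyrus_conf, imapd_conf):
    """Map each service to 'implicit-tls', 'starttls-on' or 'starttls-off'."""
    conf = parse_imapd_conf(imapd_conf)
    default = conf.get("allowstarttls", "off")  # off by default since 3.12.1
    report = {}
    for name, argv in services(cyrus_conf).items():
        # A service-prefixed option overrides the global one for that service.
        value = conf.get(f"{name}_allowstarttls", default).lower()
        state = "starttls-on" if value in TRUE_WORDS else "starttls-off"
        report[name] = "implicit-tls" if "-s" in argv[1:] else state
    return report
```

Running starttls_report() over the real cyrus.conf and imapd.conf before upgrading lists which plaintext-port services will stop offering STARTTLS unless the option is set for them.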

-------------------------------------------------------------------
Fri May  9 07:54:07 UTC 2025 - Matthias Fehring <buschmann23@opensuse.org> - 3.12.0

- Initial package version 3.12.0
  * before upgrading you should also read the documentation at
    https://www.cyrusimap.org/3.12/imap/download/upgrade.html
- Changes since the 3.10 series
  * Major changes
    + Add allowspecialusesubfolder imapd.conf(5) option to permit
      special-use subfolders.
    + Suppress duplicate calendar alarms in calalarmd.
    + Add caldav_alarm_suppress_file imapd.conf(5) option to specify
      a file whose existence suppresses calalarmd processing
    + Add caldav_alarm_db_path imapd.conf(5) option
    + Add caldav_alarm_support_components imapd.conf(5) option to
      suppress alarms for all but select iCalendar component types.
    + Added --clearmodseq option to ctl_conversationsdb(8)
    + Optional I/O throttling, for testing
    + The DAV:principal-property-search REPORT honours the previously
      set DAV:displayname property on matches.
    + Adds fatals_abort imapd.conf(5) option for fatal errors to
      abort and produce a core dump.
    + The CalDAV and CardDAV HTML administration pages allow editing
      the DAV:displayname and description properties. For calendars
      also the color and order properties.
    + Enables the calendar-timezone-id (RFC 7809) DAV property even
      if tzdist http module is disabled.
    + Adds support for IMAP JMAPACCESS (RFC 9698).
    + Adds the mboxgroups authorization mechanism for access control
      groups that are managed within Cyrus.
    + Adds support for IMAP PARTIAL (RFC 9394) and
      INPROGRESS (RFC 9585) extensions
    + The IMAP parser now supports full 32-bit unsigned numbers
    + Adds support for IMAP UTF8=ACCEPT (RFC 6855). This extension
      will only be advertised and supported if BOTH reject8bit and
      munge8bit imapd.conf(5) options are disabled
    + User-defined flags are now replicated even when not in use
      on any messages.
    + Adds support for the HAProxy protocol. The imapd(8),
      pop3d(8), lmtpd(8), nntpd(8), httpd(8), and timsieved(8)
      service daemons now accept a -H argument to enable this.
    + Adds support for comparator-i;unicode-casemap (RFC 5051)
      to Sieve
    + Running processes can now have debug logging toggled
      on/off by sending them SIGUSR1
    + Updates the email address parser to preserve non-ASCII
      characters in the domain part. To apply this to existing
      messages, reconstruct(8) the mailboxes with the -G option to
      force reparsing email headers.
    + master(8) now restarts failing DAEMON processes, and SERVICE
      processes with the babysit flag, forever, with a short delay
      in case of recurring failures. Previously, such processes
      that failed too many times in a short space of time were
      disabled until the operator sent a SIGHUP.
    + Increased granularity of Prometheus report frequency
      configuration.
    + Adds JMAP Email/query filter conditions messageId,
      references, and inReplyTo. See New JMAP Email/query filter
      conditions.
    + Add a skipuser-$userid touchfile to sync directories.
      See sync_client(8).
    + Adds replicaonly imapd.conf(5) config option to mark a server
      as being only a replica, blocking non-silent writes, and
      deactivating calalarmd(8) processing.
  * Removed features
    + The experimental Cyrus Backups feature has been removed.
    + DIGEST-MD5 and NTLM are no longer supported in httpd.
      You may need to remove DIGEST-MD5 from sasl_mech_list in
      imapd.conf(5).
    + The improved_mboxlist_sort imapd.conf(5) option had no
      effect since v3.6. It is now deprecated.
    + timsieved(8) now always sends a capability response after
      a successful authentication, per RFC 5804. The
      sieve_sasl_send_unsolicited_capability imapd.conf(5)
      option is now deprecated.
    + Support for the legacy IMAP XMOVE command has been removed.
    + Removed Kerberos 4 support.
    + Removed MIT Kerberized POP3 support.
  * Updates to default configuration
    + The maxlogins_per_user and maxlogins_per_host imapd.conf(5)
      options now apply per service, not globally. So for example
      if you have maxlogins_per_user: 5 and some user has 5
      active IMAP sessions, the user will still be able to access
      HTTP services.
      The LMTP service now uses these limits too. This can prevent
      resource starvation when a lot of mail is being delivered to
      a mailbox that is locked for a long time. Instead of having
      many lmtpd(8) processes waiting on the lock, excess
      connections attempting delivery to the same mailbox will be
      deferred with a 4xx response.
    + The prometheus_update_freq imapd.conf(5) option has been
      deprecated and replaced by prometheus_service_update_freq,
      prometheus_master_update_freq, and prometheus_usage_update_freq,
      allowing these sets of statistics to be reported at different
      frequencies. The relatively-expensive usage statistics are no
      longer reported by default. To re-enable, configure a suitable
      update frequency for prometheus_usage_update_freq.
  * Security fixes
    + Fixed: prevent Cyrus IMAP servers being used in Application
      Layer Protocol Confusion (ALPACA) attacks, particularly
      against web browsers [gh#cyrusimap/cyrus-imapd#5046]
  * Significant bugfixes
    + Fixed: Adds a way to freeze an entire server temporarily
      while taking snapshots or similar, using cyr_withlock_run(8).
      This relies on a new global_lock imapd.conf(5) option being
      enabled, which is enabled by default. Whether or not this
      setting is enabled, you can also use cyr_withlock_run --user
      to run a command with a single user locked.
      [gh#cyrusimap/cyrus-imapd#1763]
    + Fixed: can't subscribe to shared mailbox when username is
      a prefix of owner's username [gh#cyrusimap/cyrus-imapd#5146]
    + Subscriptions databases will be upgraded the next time they're
      opened, and any bad entries due to the bug will be found and
      fixed. You can force this for a particular user by connecting
      to IMAP as them and issuing a command like . LSUB "" "*" or
      similar, but this will happen anyway during normal usage.
    + Fixed: all man pages are now always built and installed
      [gh#cyrusimap/cyrus-imapd#4797]
    + Fixed: deadlock on shutdown [gh#cyrusimap/cyrus-imapd#5309]
    + Fixed: expunge only did one message at a time
      [gh#cyrusimap/cyrus-imapd#5380]