We are pleased to announce the release of Cyrus IMAPd 2.4.12. This is a security update to the 2.4.x series, containing a fix to Secunia SA46093. Stefan Cornelius from Secunia Research discovered that anonymous users can appear to be authenticated as any useri to nttpd - by just failing to send any PASS command. Despite the security issue forcing this release, it's wonderful to see how many different authors are represented. Not only the regular contributions from Bron, Greg and Ken, but lots of bugs reported through bugzilla along with patches. We strongly recommend that all users of the stable series upgrade to 2.4.12, or at least apply the patch here: http://git.cyrusimap.org/cyrus-imapd/patch/?id=77903669e04c9788460561dd0560b9c916519594 You can download via HTTP or FTP: http://cyrusimap.org/releases/cyrus-imapd-2.4.12.tar.gz ftp://ftp.cyrusimap.org/cyrus-imapd/cyrus-imapd-2.4.12.tar.gz The list of reported bugs fixed can be found here: http://cyrusimap.org/mediawiki/index.php/Bugs_Resolved_in_2.4.12 (or check the changelog for the ones that were actually FIXED in this release rather than closed as no-longer-present) If you want extreme detail of all changes made, check git: http://git.cyrusimap.org/cyrus-imapd/log/?id=cyrus-imapd-2.4.12 Regards, Bron. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
