The Cyrus team is proud to announce the immediate availability of a new version of Cyrus IMAP: 3.4.1 This release contains a fix for CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote authenticated user could stall replication, requiring administrator intervention. Download URLs: https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.4.1/cyrus-imapd-3.4.1.tar.gz https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.4.1/cyrus-imapd-3.4.1.tar.gz.sig Please consult the release notes and upgrade documentation before upgrading to 3.4.1: https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html https://www.cyrusimap.org/imap/download/upgrade.html And join us on Github at https://github.com/cyrusimap/cyrus-imapd to report issues, join in the deliberations of new features for the next Cyrus IMAP release, and to contribute to the documentation. On behalf of the Cyrus team, Kind regards, ellie timoney ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T056901c106ecfce3-M949ad8200d85f7f17efa3904 Delivery options: https://cyrus.topicbox.com/groups/info/subscription