Mercurial > dovecot > original-hg > dovecot-1.2
comparison NEWS @ 7391:c73d6224a96b HEAD 1.1.rc3
Released v1.1.rc3.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sun, 09 Mar 2008 12:51:51 +0200 |
| parents | dfd811aa0418 |
| children | 4607141a6bdc |
comparison
equal
deleted
inserted
replaced
| 7390:04297ce26b78 | 7391:c73d6224a96b |
|---|---|
| 1 v1.1.rc3 2008-03-09 Timo Sirainen <tss@iki.fi> | |
| 2 | |
| 3 * Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd | |
| 4 and shadow if blocking=yes) where user could specify extra fields | |
| 5 in the password. The main problem here is when specifying | |
| 6 "skip_password_check" introduced in v1.0.11 for fixing master user | |
| 7 logins, allowing the user to log in as anyone without a valid | |
| 8 password. | |
| 9 | |
| 10 - mail_privileged_group was broken in some systems (OS X, Solaris?) | |
| 11 | |
| 1 v1.1.rc2 2008-03-08 Timo Sirainen <tss@iki.fi> | 12 v1.1.rc2 2008-03-08 Timo Sirainen <tss@iki.fi> |
| 2 | 13 |
| 3 * mail_extra_groups setting was commonly used insecurely. This setting | 14 * mail_extra_groups setting was commonly used insecurely. This setting |
| 4 is now deprecated. Most users should switch to using | 15 is now deprecated. Most users should switch to using |
| 5 mail_privileged_group setting, but if you really need the old | 16 mail_privileged_group setting, but if you really need the old |