Cyrus IMAP 3.2.7 Release Notes

Download from GitHub:

Changes since 3.2.6

Security fixes:

  • Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote authenticated user could stall replication, requiring administrator intervention.

Build changes

  • Fixed: various symbols were missing explicit symbol visibility

Bug fixes

  • Fixed Issue #3225: xapian get_stopper() did not use the cached stoppers (thanks Дилян Палаузов)

  • Fixed Issue #2882: reordered HTTP auth schemes to order expected by browsers

  • Fixed Issue #3456: per-server annotations were unable to replicate