[Dovecot-news] Dovecot release v2.3.7.2


We are pleased to release Dovecot release v2.3.7.2

Tarball is available at

Binary packages are available at


  • CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

Aki Tuomi
Open-Xchange oy

Dovecot-news mailing list