dovecot.org/releases/1.2/dovecot ... tar.gz.sig
I'll be more or less gone for next two weeks. Tomorrow I'm heading to MacSysAdmin in Sweden to give a Dovecot talk, the next week I'll be in Finland on vacation. After that I'm hoping to get v2.0.alpha1 released in October.
* Authentication: DIGEST-MD5 and RPA mechanisms no longer require user's login realm to be listed in auth_realms. It only made configuration more difficult without really providing extra security.
* zlib plugin: Don't allow clients to save compressed data directly.
This prevents users from exploiting (most of the) potential security holes in zlib/bzlib.
+ Added pop3_save_uidl setting.
+ dict quota: When updating quota and user isn't already in dict, recalculate and save the quota.
- file_set_size() was broken with OSes that didn't support posix_fallocate() (almost everyone except Linux), causing all kinds of index file errors.
- v1.2.4 index file handling could have caused an assert-crash
- IMAP: Fixes to QRESYNC extension.
- virtual plugin: Crashfix
- deliver: Don't send rejects to any messages that have Auto-Submitted
header. This avoids emails loops.
- Maildir: Performance fixes, especially with maildir_very_dirty_syncs.
- Maildir++ quota: Limits weren't read early enough from maildirsize
file (when quota limits not enforced by Dovecot)
- Message decoding fixes (mainly for IMAP SEARCH, Sieve).