core
Communication & EmailDovecot mail server
Recent releases
View all 2 releases →
2.4.3
Security relevant
Breaking changes
- Removed default service_extra_groups settings
- Config defaults no longer accept 0 as unlimited
Security fixes
- CVE-2025-59028: Invalid base64 authentication DoS
- CVE-2025-59031: decode2text.sh symlink traversal
- CVE-2026-24031: SQL injection via auth_username_chars
Notable features
- Improved UTF-8 support
- Default auth-token UNIX socket
- IMAP4rev2 support
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
