Skip to content

Release history

core releases

Dovecot mail server

Back to tool Latest release

All releases

2 shown

Upgrade now
2.4.4 Breaking risk
Auth RCE / SSRF

CVE fixes

Open
2.4.3 Security relevant
Breaking changes
  • Removed default service_extra_groups settings
  • Config defaults no longer accept 0 as unlimited
Security fixes
  • CVE-2025-59028: Invalid base64 authentication DoS
  • CVE-2025-59031: decode2text.sh symlink traversal
  • CVE-2026-24031: SQL injection via auth_username_chars
Notable features
  • Improved UTF-8 support
  • Default auth-token UNIX socket
  • IMAP4rev2 support
View release on GitHub

Beta — feedback welcome: [email protected]