From c837ecd724101e3a0a0457a5daa366a79f06021e Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Wed, 10 Jul 2019 10:44:45 +0300 Subject: [PATCH] NEWS: Add missing 2.3.6 news --- NEWS | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/NEWS b/NEWS index be597d500d..f4c1c47213 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,30 @@ +v2.3.6 2019-04-30 Aki Tuomi + + * CVE-2019-11494: Submission-login crashed with signal 11 due to null + pointer access when authentication was aborted by disconnecting. + * CVE-2019-11499: Submission-login crashed when authentication was + started over TLS secured channel and invalid authentication message + was sent. + * auth: Support password grant with passdb oauth2. + + Use system default CAs for outbound TLS connections. + + Simplify array handling with new helper macros. + + fts_solr: Enable configuring batch_size and soft_commit features. + - lmtp/submission: Fixed various bugs in XCLIENT handling, including a + hang when XCLIENT commands were sent infinitely to the remote server. + - lmtp/submission: Forwarded multi-line replies were erroneously sent + as two replies to the client. + - lib-smtp: client: Message was not guaranteed to contain CRLF + consistently when CHUNKING was used. + - fts_solr: Plugin was no longer compatible with Solr 7. + - Make it possible to disable certificate checking without + setting ssl_client_ca_* settings. + - pop3c: SSL support was broken. + - mysql: Closing connection twice lead to crash on some systems. + - auth: Multiple oauth2 passdbs crashed auth process on deinit. + - HTTP client connection errors infrequently triggered a segmentation + fault when the connection was idle and not used for a particular + client instance. + v2.3.5.2 2019-04-18 Timo Sirainen * CVE-2019-10691: Trying to login with 8bit username containing -- 2.47.3