On 07.03.2017 10:52, Nagy, Attila wrote: > On 03/06/2017 11:30 PM, Timo Sirainen wrote: >> On 6 Mar 2017, at 9.17, Tom Sommer <[email protected]> wrote: >>> >>> On 2017-02-24 14:34, Timo Sirainen wrote: >>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz >>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig >>> Are there any plans to do a bugfix-release, that includes the few >>> issues seen in the mailing-list, or do you consider 2.2.28 safe to >>> upgrade to? >> I don't see anything critical. A couple of bugs that might or might >> not affect you. We'll have 2.2.29 soon enough, so no plans for other >> releases before that. > Truncating passwords with dict protocol* seems quite critical to me. :-O > Or is it just me, who's affected by that? > > *: http://dovecot.org/list/dovecot/2017-February/107265.html
Hi! The password is not actually truncated, it's actually subjected to var_expand, which is silly. We are working on a patch for this and let y'all know when it's ready. The only truncation happens with % as last character. Aki
