This is the start of the new development series, and will
include significant changes from the 5.4 series.

Many people got comfortable using development releases
on production servers during the 5.3 series.  We don't
recommend doing that with this series as the releases
won't be thoroughly tested.

This first release focuses on security-related improvements
to the SQL auth modules.  There are also some fixes to
Postgres in an attempt to add stability and get it caught up
with MySQL.

The new qnprintf() command escapes strings used in
queries to avoid possible SQL exploits to the vpopmail
codebase.  Once tested, we will backport this code to
the 5.4 series.


Tom Collins
- Consolidate table creation code in vmysql.c and vpgsql.c.
- Increase SQL_BUF_SIZE from 600 to 2048 for Oracle, Postgres
  and Sybase.
- Add qnprintf() to vpopmail.c for escaping strings in SQL queries.
- Use qnprintf() when building queries in vmysql.c, vpgsql.c,
  voracle.pc, and vsybase.c.
- Multiple fixes to vpgsql.c related to freeing PGresults and
  attempting to access NULL PGresults when reporting errors.

Reply via email to