-
Notifications
You must be signed in to change notification settings - Fork 154
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
157 additions
and
0 deletions.
There are no files selected for viewing
157 changes: 157 additions & 0 deletions
157
docsrc/imap/download/release-notes/3.10/x/3.10.0-rc1.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,157 @@ | ||
| :tocdepth: 3 | ||
|
|
||
| ===================================== | ||
| Cyrus IMAP 3.10.0-rc1 Release Notes | ||
| ===================================== | ||
|
|
||
| Download from GitHub: | ||
|
|
||
| * https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.10.0-rc1/cyrus-imapd-3.10.0-rc1.tar.gz | ||
| * https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus-imapd-3.10.0-rc1/cyrus-imapd-3.10.0-rc1.tar.gz.sig | ||
|
|
||
| .. _relnotes-3.10.0-rc1_changes: | ||
|
|
||
| Major changes since the 3.8 series | ||
| ================================== | ||
|
|
||
| * URLs found in HTML ``<a>``, ``<area>`` and ``<img>`` tags, as well as "alt" | ||
| text in ``<img>`` tags, are now indexed for search and snippets | ||
| * :cyrusman:`cyr_expire(8)` now supports non-day durations in the | ||
| archive/delete/expire annotations | ||
| * :cyrusman:`cyr_expire(8)` no longer supports fractional durations in command | ||
| line arguments. Installations that passed fractional durations such as | ||
| "1.5d" to any of the ``-E``, ``-X``, ``-D``, or ``-A`` arguments must adapt | ||
| these to only use integer durations such as "1d12h" | ||
| * :cyrusman:`cyr_expire(8)` now supports the 'noexpire_until' annotation to | ||
| disable cyr_expire per user | ||
| * JMAP calendar default alarms are now stored in a non-DAV mailbox annotation. | ||
| See :ref:`upgrade_jmap_default_alarms` for upgrading instructions if you are | ||
| already using the experimental JMAP Calendars API | ||
| * Removes support for parsing and generating bytecode for the deprecated | ||
| denotify action and notify actions using the legacy (pre-:rfc:`5435`) syntax. | ||
| Existing bytecode containing these actions will still be executed. Scripts | ||
| that contain the deprecated denotify action should be rewritten to remove | ||
| them. Scripts that contain notify actions using the legacy syntax should be | ||
| rewritten to use the syntax in :rfc:`5435` | ||
| * Adds support for the "exp" and "nbf" JSON Web Token claims. Thanks Bruno | ||
| Thomas | ||
| * Adds support for IMAP Version 4rev2 (:rfc:`9051`) | ||
| * Adds support for IMAP NOTIFY (:rfc:`5465`). Only available if ``idled`` is | ||
| running | ||
| * Refresh interval for APNS subscriptions to DAV resources is now configurable. | ||
| See the ``aps_expiry`` :cyrusman:`imapd.conf(5)` option | ||
| * Upgrade IMAP Quota support to :rfc:`9208`. Sites running a Murder will be | ||
| unable to set ANNOTATION-STORAGE or MAILBOX quotas (formerly known as | ||
| X-ANNOTATION-STORAGE and X-NUM_FOLDERS) in a mixed-version environment until | ||
| frontends are upgraded. Upgraded frontends know how to negotiate with older | ||
| backends. | ||
| * Adds support for IMAP REPLACE (:rfc:`8508`) | ||
| * Adds support for IMAP UIDONLY extension (:draft:`draft-ietf-extra-imap-uidonly`) | ||
| * Adds experimental support for JMAP Contacts per upcoming IETF standards. | ||
| Requires the not-yet-released | ||
| `libicalvcard <https://github.com/libical/libical/pull/584>`_ | ||
| * :cyrusman:`squatter(8)` now supports the "wait=y" :cyrusman:`cyrus.conf(5)` | ||
| option when started in rolling mode from the ``DAEMON`` section | ||
| * :cyrusman:`master(8)` now touches a ready file to indicate it is "ready for | ||
| work". See :ref:`upgrade_master_pid_ready_files` | ||
| * :cyrusman:`master(8)` now gets its pidfile name from the ``master_pid_file`` | ||
| :cyrusman:`imapd.conf(5)` option. See :ref:`upgrade_master_pid_ready_files` | ||
| * Adds pcre2 support. Prefers pcre2 over pcre if both are available. See | ||
| :ref:`upgrade_pcre2_support` | ||
| * The ``proc`` :cyrusman:`cyr_info(8)` subcommand now also reports DAEMON and | ||
| EVENTS processes | ||
| * JMAP CalendarEventNotification objects are now automatically pruned. | ||
| The ``jmap_max_calendareventnotifs`` :cyrusman:`imapd.conf(5)` option can be | ||
| used to tune this behaviour | ||
| * Cyrus now requires libical >= 3.0.10 for HTTP support | ||
| * Sieve [current]date ``:zone`` parameter now accepts either a UTC offset or an | ||
| IANA time zone ID | ||
| * Adds an ``implicit_keep_target`` Sieve action to change the target mailbox | ||
| for an implicit keep | ||
| * :cyrusman:`squatter(8)` no longer holds a mailbox lock while extracting text | ||
| from attachments | ||
| * IMAP ``RENAME`` command no longer emits non-standard per-folder updates. Use | ||
| the new ``XRENAME`` command if you need this behaviour | ||
|
|
||
| .. _relnotes_3.10.0-beta2_storage_changes: | ||
|
|
||
| Storage changes | ||
| =============== | ||
|
|
||
| * None in 3.10. But if your upgrade is skipping over 3.6 and 3.8, please do | ||
| not miss :ref:`3.6.0 Storage changes <relnotes_3.6.0_storage_changes>` | ||
| and :ref:`3.8.0 Storage changes <relnotes_3.8.0_storage_changes>` | ||
|
|
||
| Updates to default configuration | ||
| ================================ | ||
|
|
||
| The :cyrusman:`cyr_info(8)` `conf`, `conf-all` and `conf-default` subcommands | ||
| accept an `-s <version>` argument to highlight :cyrusman:`imapd.conf(5)` | ||
| options that are new or whose behaviour has changed since the specified | ||
| version. We recommend using this when evaluating a new Cyrus version to | ||
| check which configuration options you will need to examine and maybe set or | ||
| change during the process. | ||
|
|
||
| * The master pidfile name is now read from imapd.conf, and defaults | ||
| to ``{configdirectory}/master.pid``. If you have something that | ||
| looks for this file, you should either update it to look in the new | ||
| default location, or set ``master_pid_file`` in :cyrusman:`imapd.conf(5)` | ||
| to override the default. The ``-p`` option to :cyrusman:`master(8)` | ||
| can still be used to override it | ||
|
|
||
| Security fixes | ||
| ============== | ||
|
|
||
| * Fixed CVE-2024-34055_: | ||
| Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers | ||
| to cause unbounded memory allocation by sending many LITERALs in a | ||
| single command. | ||
|
|
||
| The IMAP protocol allows for command arguments to be LITERALs of | ||
| negotiated length, and for these the server allocates memory to | ||
| receive the content before instructing the client to proceed. The | ||
| allocated memory is released when the whole command has been received | ||
| and processed. | ||
|
|
||
| The IMAP protocol has a number commands that specify an unlimited | ||
| number of arguments, for example SEARCH. Each of these arguments can | ||
| be a LITERAL, for which memory will be allocated and not released | ||
| until the entire command has been received and processed. This can run | ||
| a server out of memory, with varying consequences depending on the | ||
| server's OOM policy. | ||
|
|
||
| Discovered by Damian Poddebniak. | ||
|
|
||
| Two limits, with corresponding :cyrusman:`imapd.conf(5)` options, have | ||
| been added to address this: | ||
|
|
||
| * ``maxargssize`` (default: unlimited): limits the overall length of a | ||
| single IMAP command. Deployments should configure this to a size that | ||
| suits their system resources and client usage patterns | ||
| * ``maxliteral`` (default: 128K): limits the length of individual IMAP | ||
| LITERALs | ||
|
|
||
| Connections sending commands that would exceed these limits will see the | ||
| command fail, or the connection closed, depending on the specific context. | ||
| The error message will contain the ``[TOOBIG]`` response code. | ||
|
|
||
| These limits may be set small without affecting message uploads, as the | ||
| APPEND command's message literal is limited by ``maxmessagesize``, not by | ||
| these new options. | ||
|
|
||
| .. _CVE-2024-34055: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34055 | ||
|
|
||
| Significant bugfixes | ||
| ==================== | ||
|
|
||
| * Fixed: squat db reindexes are no longer always incremental | ||
| * Fixed: squat db corruption from unintentional indexing of fields | ||
| intended to be skipped | ||
| * Fixed: squat db out of bounds access in incremental reindex docID map | ||
| * Fixed :issue:`4692`: squat db searches now handle unindexed messages | ||
| correctly again (thanks Gabriele Bulfon) | ||
| * Restored functionality of the sync_client ``-o``/``--connect-once`` option | ||
| * Fixed :issue:`4654`: copying/moving messages from split conversations is now | ||
| correct | ||
| * Fixed :issue:`4758`: fix renaming mailbox between users | ||
| * Fixed :issue:`4804`: mailbox_maxmessages limits now applied correctly |