Closed PhilipSchillmaier closed 2 years ago
The latest version from the debian repository is still 2.3.4.1.
@AndrewSav @sknight80 Should we use the dovecot repository instead?
The latest version from the Debian repository is the bullseye version 1:2.3.11.3+dfsg1-2: https://packages.debian.org/bullseye/dovecot-core
@SaraSmiseth if we got the most recent update for dovecot I don't see the problem with that. However when we have a new Debian version maybe we should switch to it.
Thanks for reporting the security release for dovecot, @PhilipSchillmaier!
My preference is to stay on Debian repo, as I do not what to add one more thing that can potentially break and make it more fragile. If we decide to stay on Debian we will have to wait until their repo gets the fix before we can do anything about this. On the other hand if anyone is in a hurry and wants to submit a PR, I'll help reviewing it.
We should not go to Bullseye until it's released.
Yes Bullseye is still testing and not stable.
Keep in mind that Debian backports security fixes to stable, so the version number alone isn't a good indicator.
Also, this is 2 months old now, does it need to stay open?
When Bullseye releases we will endeavour to upgrade to it, hopefully resolving the original issue in the process @jinks.
Classification
Reproducibility
Docker information
Description
Dovecot provided an security update https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
Please update the docker image accordingly.
Steps to reproduce
docker exec -it mailserver_mailserver_1 dovecot --version
Expected results
2.3.13
Actual results
2.3.4.1