mailserver2 / mailserver

Simple and full-featured mail server using Docker
https://store.docker.com/community/images/mailserver2/mailserver
MIT License

Implement Security Update for Dovecot v2.3.12 #30

Closed PhilipSchillmaier closed 2 years ago

PhilipSchillmaier commented 3 years ago

Docker information

docker info
docker images mailserver2/mailserver --digests --filter "dangling=false"
REPOSITORY               TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
mailserver2/mailserver   1.1.5               sha256:18d98b8d6601ebae76d6f90aae5e5858cf29b5b7fd6c92f698e6294eee17f6f6   23a3e3b84fee        5 weeks ago         314MB
mailserver2/mailserver   latest              sha256:18d98b8d6601ebae76d6f90aae5e5858cf29b5b7fd6c92f698e6294eee17f6f6   23a3e3b84fee        5 weeks ago         314MB

Description

Dovecot provided a security update: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html

Please update the docker image accordingly.

Steps to reproduce

  1. Start mailserver2 container
  2. docker exec -it mailserver_mailserver_1 dovecot --version

Expected results

2.3.13

Actual results

2.3.4.1

SaraSmiseth commented 3 years ago

The latest version from the debian repository is still 2.3.4.1.

@AndrewSav @sknight80 Should we use the dovecot repository instead?

neuffer commented 3 years ago

The latest version from the Debian repository is the bullseye version 1:2.3.11.3+dfsg1-2: https://packages.debian.org/bullseye/dovecot-core

sknight80 commented 3 years ago

@SaraSmiseth if we get the most recent update for dovecot, I don't see the problem with that. However, when we have a new Debian version, maybe we should switch to it.

Thanks for reporting the security release for dovecot, @PhilipSchillmaier!

AndrewSav commented 3 years ago

My preference is to stay on the Debian repo, as I do not want to add one more thing that can potentially break and make it more fragile. If we decide to stay on Debian we will have to wait until their repo gets the fix before we can do anything about this. On the other hand, if anyone is in a hurry and wants to submit a PR, I'll help review it.

We should not go to Bullseye until it's released.

SaraSmiseth commented 3 years ago

Yes, Bullseye is still testing and not stable.

jinks commented 3 years ago

Keep in mind that Debian backports security fixes to stable, so the version number alone isn't a good indicator.

Also, this is 2 months old now, does it need to stay open?

AndrewSav commented 3 years ago

When Bullseye releases we will endeavour to upgrade to it, hopefully resolving the original issue in the process @jinks.
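The check jinks describes, as an added example that is not part of the mailserver2 project or this thread: the reproduction steps above compare `dovecot --version` against 2.3.13, but a Debian stable package can carry the fix as a backport at the old upstream version, so the package changelog has to be consulted as well. The container name and the `dpkg-query`/`apt-get changelog` commands for collecting the inputs are assumptions; the changelog text, its package version and the advisory id are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the mailserver2 project's own code. The real inputs would
# come from the running container, e.g. (assumed commands):
#   docker exec mailserver_mailserver_1 dpkg-query -W -f='${Version}\n' dovecot-core
#   docker exec mailserver_mailserver_1 apt-get changelog dovecot-core
# A constructed changelog sample is embedded below so the script runs offline.

# Strip the Debian epoch ("1:"), revision ("-2") and repack suffix ("+dfsg1")
# to obtain the upstream version, e.g. 1:2.3.11.3+dfsg1-2 -> 2.3.11.3.
upstream_version() {
    v=${1#*:}; v=${v%%-*}; v=${v%%+*}
    printf '%s\n' "$v"
}

# Compare dotted versions numerically, component by component.
# Prints lt, eq or gt for $1 relative to $2 (2.3.4.1 < 2.3.13).
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "${a#*.}" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "${b#*.}" ]; then b=""; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo lt; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo gt; return 0; fi
    done
    echo eq
}

# Classify an installed package: fixed-upstream if its upstream version is at
# or past the fixed release, fixed-backport if the distro changelog (read from
# stdin) names the advisory id, otherwise unfixed. The version alone is not
# enough because Debian backports fixes without bumping the upstream version.
# Usage: fix_status <installed-debian-version> <fixed-upstream-version> <advisory-id> < changelog
fix_status() {
    case $(vercmp "$(upstream_version "$1")" "$(upstream_version "$2")") in
        gt|eq) echo fixed-upstream; return 0 ;;
    esac
    if grep -q -F -- "$3"; then echo fixed-backport; else echo unfixed; fi
}

# Constructed sample changelog: package version, suite line and advisory id are placeholders.
SAMPLE_CHANGELOG='dovecot (1:2.3.4.1-5+deb10uX) buster-security; urgency=high

  * Backport upstream fixes for CVE-YYYY-NNNNN (constructed entry).

 -- Maintainer <maintainer@example.org>  Mon, 01 Jan 2021 00:00:00 +0000'

printf '%s\n' "$SAMPLE_CHANGELOG" | fix_status '1:2.3.4.1-5+deb10uX' 2.3.13 CVE-YYYY-NNNNN
```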