[Bug 1614062] [NEW] imapproxy out of date

Launchpad Bug Tracker 1614062 at bugs.launchpad.net
Wed Aug 17 12:49:54 UTC 2016 

You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

The version of imapproxy packaged, 1.2.7, is the last released version.
Unfortunately, this version is from 2010. There have been several good
changes to imapproxy, but no new release has been cut. Many of these
changes have security implications.

Here's a list of selected changes in chronological order:
 - Warn against using port 993
 - Fix LOGIN command so that it handles literal arguments correctly
 - Fix possible buffer overflow issue
 - Add the ability to authenticate to the IMAP server using SASL plain
 - Fix server connection starvation and synchronization issues
 - When NO or BAD response is returned from the server against a LOGIN or
   AUTHENTICATE request, we now log the full server response and pass it
   back to the client (useful if client is watching for RFC 5530 response
   codes).
 - Fix server connection synchronization issues in the SELECT cache code
 - Allow configuration setting values to contain spaces
 - Fixed problem where default TLS CA data would never be loaded
 - Fixed bug in SSL context initialization
 - Added support for up to TLS v1.2
 - Added support for ECDHE ciphers
 - Added ability to manually specify TLS ciphers
 - Added server certificate validation

The last change was in January 2014. A daily tarball is available here:
http://squirrelmail.org/download.php#imap_proxy

We have been running the code from 2014 in production since 2015, and it's been solid. Here's a link to our PPA, which has the updated version, using the daily tarball from back then:
https://launchpad.net/~wiktel/+archive/ubuntu/ppa/+packages

** Affects: up-imapproxy (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: up-imapproxy (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: patch
-- 
imapproxy out of date
https://bugs.launchpad.net/bugs/1614062
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list