Dovecot v2.2.31 released

The following information has been provided by the Dovecot-news mailing list.

This should be a great and stable release for the summer 🙂 v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3.

* LMTP: Removed “(Dovecot)” from added Received headers. Some installations want to hide it, and there’s not really any good reason for anyone to have it.

+ Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the generated IMAP ENVELOPE replies.
– v2.2.30 wasn’t fixing corrupted dovecot.index.cache files properly. It could have deleted wrong mail’s cache or assert-crashed.
– v2.2.30 mail-crypt-acl plugin was assert-crashing
– v2.2.30 welcome plugin wasn’t working
– Various fixes to handling mailbox listing. Especially related to handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
– Global ACL file was parsed as if it was local ACL file. This caused some of the ACL rule interactions to not work exactly as intended.
– auth: forward_* fields didn’t work properly: Only the first forward field was working, and only if the first passdb lookup succeeded.
– Using mail_sort_max_read_count sometimes caused “Broken sort-* indexes, resetting” errors.
– Using mail_sort_max_read_count may have caused very high CPU usage.
– Message address parsing could have crashed on invalid input.
– imapc_features=fetch-headers wasn’t always working correctly and caused the full header to be fetched.
– imapc: Various bugfixes related to connection failure handling.
– quota=imapc sent unnecessary FETCH RFC822.SIZE to server when expunging mails.
– quota=count: quota_warning = -storage=.. was never executed
– quota=count: Add support for “ns” parameter
– dsync: Fix incremental syncing for mails that don’t have Date or Message-ID headers.
– imap: Fix hang when client sends pipelined SEARCH +
– oauth2: Token validation didn’t accept empty server responses.
– imap: NOTIFY command has been almost completely broken since the beginning. I guess nobody has been trying to use it.

Released Pigeonhole v0.4.19 for Dovecot v2.2.31

The following information has been provided by the Dovecot-news mailing list.

Hello Dovecot users,

Here’s the definitive 0.4.19 release. There is one additional fix.

Changelog v0.4.19:

* This release adjusts Pigeonhole to several changes in the Dovecot API, making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole will produce compile warnings with the recent Dovecot releases (but still work ok).
– Fixed bug in handling of implicit keep in some cases. Implicit side-effects, such as assigned flags, were not always applied correctly. This is in essence a very old bug, but it was exposed by recent changes.
– include extension: Fixed segfault that (sometimes) occurred when the global script location was left unconfigured.

The release is available as follows:

Refer to and the Dovecot v2.x wiki for
more information. Have fun testing this release and don’t hesitate to
notify me when there are any problems.

Varnish Cache 4.1.7 released

The following information has been provided by the varnish-announce mailing list.

Dear Varnish community

We have now made available version 4.1.7, and it can be found here:

Packages will be made available in the official repositories today.

The long standing issue 1746 (see has been
fixed in the 4.1 branch, and this fix will change how Varnish behaves in
certain circumstances.

Before 4.1.7-beta1, the nuke_limit parameter was ignored, so a varnish
instance could nuke any number of objects to make room for a new big
object. From 4.1.7-beta1, only a limited number of objects will be
nuked before Varnish gives up and decides there is no room for the new

The default nuke_limit is 10, and this number is high enough to not
affect most users. However, if you want to make sure that the
behavior is not changed when upgrading, you should set the value much

FortiTester 3.0.0

FortiTester 3.0.0 B0005 and release notes are available for download from the Support site:

This concerns the following models:

  • FTS_2000D_HWID_01, FTS_3000E_HWID_01, FTS_VM_HWID_01

Source: Fortinet Firmware

Apache HTTP Server 2.4.26 Released

The following information has been obtained from:

June 19, 2017

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.26 of the Apache HTTP Server (“Apache”). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This release of Apache is a security, feature, and bug fix release.

We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

Apache HTTP Server 2.4.26 is available for download from:

Please see the CHANGES_2.4 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.4.26 includes only those changes introduced since the prior 2.4 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available:

This release requires the Apache Portable Runtime (APR), minimum version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may require the 1.6.x version of both APR and APR-Util. The APR libraries must be upgraded for all features of httpd to operate correctly.

Apache HTTP Server 2.4 provides a number of improvements and enhancements over the 2.2 version. A listing and description of these features is available via:

This release builds on and extends the Apache 2.2 API. Modules written for Apache 2.2 will need to be recompiled in order to run with Apache 2.4, and require minimal or no source code changes.

When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe.

Please note that Apache Web Server Project will only provide maintenance releases of the 2.2.x flavor through June of 2017, and will provide some security patches beyond this date through at least December of 2017. Minimal maintenance patches of 2.2.x are expected throughout this period, and users are strongly encouraged to promptly complete their transitions to the 2.4.x flavor of httpd to benefit from a much larger assortment of minor security and bug fixes as well as new features.