diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2025-12-24 13:19:27 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-30 07:08:12 +0530 |
| commit | 50906d9169dc8055acd279706357d13c8f38c102 (patch) | |
| tree | c220cec95bcd0a88738f50654c427b29278edb6b /meta-python/recipes-devtools/python/python3-dynamic-dispatch_1.0.3.bb | |
| parent | 19d7eedf67ea1b8fe27790366d98a7e888cb839a (diff) | |
| download | meta-openembedded-50906d9169dc8055acd279706357d13c8f38c102.tar.gz | |
dovecot: upgrade 2.3.21 -> 2.3.21.1
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
discarded, with a limit of 10MB on a single header and 50MB for all
the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
to introspection server. These need to be optionally in Basic auth
instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
from token, but was configured on Dovecot.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-dynamic-dispatch_1.0.3.bb')
0 files changed, 0 insertions, 0 deletions