Cyrus IMAP 3.2.0-beta4 Release Notes ************************************ Warning: This is a beta release and may contain fun bugs. Testing it out and providing feedback would be greatly appreciated, but do not run this on your production mail stores! Download from GitHub: * https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus- imapd-3.2.0-beta4/cyrus-imapd-3.2.0-beta4.tar.gz * https://github.com/cyrusimap/cyrus-imapd/releases/download/cyrus- imapd-3.2.0-beta4/cyrus-imapd-3.2.0-beta4.tar.gz.sig Major changes since the 3.0.x series ==================================== * Sieve bug fixes and features * Replication safety improvements * Caldav and Carddav improvements * Support for JMAP core protocol (**RFC 8620**) * Support for JMAP Mail (**RFC 8621**) * Experimental support for JMAP Contacts (requires *jmap_nonstandard_extensions: yes* in imapd.conf(5)) * Experimental support for JMAP Calendars (requires *jmap_nonstandard_extensions: yes* in imapd.conf(5)) * Xapian bug fixes * Improvements to Annotations handling * DRAC support has been deprecated * Support for Prometheus stats * SNMP stats support has been deprecated * Removed support for the Sphinx backend to squatter searches * New cyrus.index format v16 included since 3.1.5 - adds unseen count and createdmodseq to index header, savedate and createdmodseq to index records * Support for WebSockets * Support for HTTP/2.0 * Experimental support for Zeroskip database format * Intermediate mailboxes are now recorded in mailboxes database * Conversations database format update - adds flags and internaldate fields, and is now versioned for future-compatibility. You will need to rebuild your conversations databases with ctl_conversationsdb(8) and the *-b* switch to benefit from this * IMAP FETCH accepts two new data items, MAILBOXIDS and MAILBOXES, which respectively return the unique ids or names of the containing mailboxes of each message in the sequence (for best performance, rebuild your conversations databases as above) * mbpath(8) is now much more useful * Twoskip database format now supports shared locks, and ensures record headers do not span disk block boundaries * All Cyrus binaries now use real sysexits exit codes instead of mapping nearly everything to EX_TEMPFAIL * CyrusDB errors now syslog the actual error instead of just "cyrusdb error" * New *allowdeleted* imapd.conf(5) option (default off), which allows admin users to see deleted mailboxes and expunged messages over IMAP * cyr_virusscan(8) now supports custom templates for notifications sent about infected messages that have been deleted * imapd.conf(5) options that represent a time duration now accept 'd', 'h', 'm', 's' suffixes rather than arbitrary units * The *tls_server_cert* and *tls_server_key* imapd.conf(5) options now allow two certificate/key pairs (e.g. RSA and EC) to be used. Thanks Дилян Палаузов * Mailbox create/delete/rename are now performed under a lock on the user's namespace, to prevent races (especially during big renames) * The cyr_info(8) *conf-lint* subcommand no longer complains about channel-prefixed sync options * New *master_bind_errors_fatal* imapd.conf(5) option (default off), with which master will refuse to start if any of the configured services are unable to successfully bind their port. The default and legacy behaviour is for master to start with the affected services disabled, and not try to start them again until a SIGHUP is received * New *autocreate_acl* imapd.conf(5) option, for specifying ACLs to use when mailboxes are created by *autocreate_inbox_folders* * New *zoneinfo_dir* imapd.conf(5) option, for specifying the directory Cyrus should look for timezone definitions in. The default is to let libical find them itself. If the *tzdist* http module is enabled, this option is mandatory. * The iso-8859-1 charset is now treated as an alias for windows-1252, as per WHATWG Encoding for emails and websites Updates to default configuration ================================ The cyr_info(8) *conf*, *conf-all* and *conf-default* subcommands now accept an *-s * argument to highlight imapd.conf(5) options that are new or whose behaviour has changed since the specified version. We recommend using this when evaluating a new Cyrus version to check which configuration options you will need to re-examine and maybe change during the process. * The *specialusealways* option is now enabled by default. It must explicitly be disabled for interoperability with legacy clients that can't handle RFC 6154 attributes in extended LIST commands. * The values accepted by *expunge_mode* have changed, please see the documentation for more information about the changes. * The legacy GETANNOTATIONS/SETANNOTATIONS IMAP commands will no longer work unless *annotation_enable_legacy_commands* is enabled. * The *outbox_sendlater* option and its functionality have been removed. * The *tzdist* http module now finds its timezone data directory according to the new *zoneinfo_dir* imapd.conf(5) option, instead of being hardcoded to "{configdirectory}/zoneinfo". If you are using this module, you MUST now set this option explicitly. Calendaring services will use the same timezone definitions. Security fixes ============== * Contains fix for CVE-2017-14230 * Contains fix for CVE-2019-18928 * Contains fix for CVE-2019-19783 Significant bugfixes ==================== * Contains fix for Issue #2839