Notes

In addition to the usual share of bug fixes and enhancements, this release fixes a security vulnerability whereas an early error in communicating with an IMAP server was not properly detected as fatal, resulting in a potential for sensitive information (user, pass) being sent over an untrusted channel.

Thanks to Gabriel Salles-Loustau for spotting the problem.

Thanks

Many thanks to our new contributor:

• Björn Ketelaars (@bket)

and our regular contributors:

• наб (@nabijaczleweli)
• Matthew Hughes (@matthewhughes934)
• Austin Ray (@Austin-Ray)
• Romeu Vieira (@RomeuG)
• Marius Gedminas (@mgedmin)
• Reto Brunner (@reto)
• Jakub Jindra (@jindraj)
• Yousef Akbar (@yousefakbar)
• ftilde (@ftilde)
• Pietro Cerutti (@gahr)

Security

• imap: close connection on all failures

Features

• alias: add function to Alias/Query dialogs
• config: add validators for {imap,smtp,pop}_authenticators
• config: warn when signature file is missing or not readable
• smtp: support for native SMTP LOGIN auth mech
• notmuch: show originating folder in index

Bug Fixes

• sidebar: prevent the divider colour bleeding out
• sidebar: fix <sidebar-{next,prev}-new>
• notmuch: fix query for current email
• restore shutdown-hook functionality
• crash in reply-to
• user-after-free in folder-hook
• fix some leaks
• fix application of limits to modified mailboxes
• write Date header when postponing

Translations

• 100% Lithuanian
• 100% Czech
• 70% Turkish

Docs

• Document that $sort_alias affects the query menu

Build

• improve ASAN flags
• add SASL and S/MIME to –everything
• fix contrib (un)install

Code

• my_hdr compose screen notifications
• add contracts to the MXAPI
• maildir refactoring
• further reduce the use of global variables

Upstream

• Add $count_alternatives to count attachments inside alternatives