📖 Notes
This is a Bug-Fix Release with several security hardening fixes and stability improvements for IMAP and the pager.
💎 Sponsors
Special thanks to our sponsors:
 |
 |
 |
 |
 |
| Jakub Jindra @jindraj |
Scott Kostyshak @scottkosty |
Mark Korondi @kmARC |
Bastian Bittorf @bittorf |
Igor Serebryany @igor47 |
 |
 |
 |
 |
|
| Nicolas Évrard @nicoe |
Robert Ricci @ricci |
Sebastian Stark @sstark |
Farzad Sadeghi @terminaldweller |
|
- Robert Labudda
- Morgan Kelly
- 罗昭铭
- Aboudoulaye Yatera
- Marton Balazs (@martonbalazs)
- Kirill Rekhov (@krekhovx)
- Joonas Laine
- Anonymous (Liberapay)
❤️ Thanks
Many thanks to our new contributors:
- Karunakar Reddy (@karnakarreddi)
- Shane Qian (@Shane-XB-Qian)
and our regular contributors:
- Pietro Cerutti (@gahr)
- Thomas Klausner (@0-wiz-0)
- Artur Kaminski (@diarized)
- Dennis Schön (@roccoblues)
- Carlos Henrique Lima Melara (@charles2910)
- Jörg Sommer (@jo-so)
🔒 Security
- Fix GSSAPI buffer underflow on short unwrapped tokens
- Reject percent-encoded NUL bytes in URL decoding
- Skip CN fallback when SAN dNSName entries exist (RFC6125)
- Cap POP3 UIDL responses to prevent OOM from a malicious server
- Harden POP host URL copy
🐞 Bug Fixes
- #4836 imap: fix memory leak in
msg_parse_flags - #4849 Fix memmove in
mutt_str_expand_tabs - #4850 IMAP: enhance stability with re-entrancy protection and reconnection fixes
- #4852 Say which mailcap field we are looking for
- #4853 Don’t overwrite content_type
- pager: fix crash on
uncolor * - pager: fix wrong line index in signature syntax realloc
- pager: fix OOB read on short log lines in
display_line() - pager: fix off-by-one in newline restoration
- imap: fix sort for missing emails
- imap: fix crash when syncing mailbox on exit
- Fix crash in
cmd_parse_fetch()when edata is NULL - log: fix missing errors on startup
- Force cursor to be visible on exit