|
Line 0
Link Here
|
|
|
1 |
Upgrades to 0.88 |
| 2 |
================ |
| 3 |
|
| 4 |
Version 0.88 contains two BREAKING CHANGES. |
| 5 |
|
| 6 |
BREAKING CHANGE #1: may, deliberately, cause connections to fail which |
| 7 |
previously succeeded. |
| 8 |
|
| 9 |
If the Sieve server does not offer STARTTLS, then connections should now fail |
| 10 |
unless one of three scenarios is in play: |
| 11 |
|
| 12 |
* `--clearchan` is explicitly passed on the command-line |
| 13 |
* `SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK` is set non-empty in |
| 14 |
environ |
| 15 |
* TLS verification is disabled, whether by packagers or command-line. |
| 16 |
|
| 17 |
The stance now is: if you try for TLS, don't fall back to non-TLS, unless |
| 18 |
explicitly told that it's okay. I've explicitly and deliberately changed to |
| 19 |
handling MitM attacks stripping pre-TLS capabilities as part of the threat |
| 20 |
model, and breaking in that scenario is now more important than "just working". |
| 21 |
This is a pre-v1 tool, so I hope to be forgiven for this change. It's my |
| 22 |
belief that the world has changed enough that it's no longer socially |
| 23 |
acceptable to run services without TLS and without users knowing to disable |
| 24 |
TLS. |
| 25 |
|
| 26 |
(POSSIBLY) BREAKING CHANGE #2: when deriving a remote script name from the |
| 27 |
local filename, use the basename and strip off directories. |
| 28 |
|
| 29 |
Some widespread ManageSieve servers (eg, timsieved) disallow a directory |
| 30 |
separator in a sieve script name. So when deriving remote names, just use |
| 31 |
basename. This might cause issues for those with servers which allow directory |
| 32 |
separators and users who were relying upon this. |
| 33 |
|
| 34 |
Mitigation: explicitly specify the remote script name to include the path, and |
| 35 |
things should work as before. |
| 36 |
|
| 37 |
Full ChangeLog can be found at: |
| 38 |
http://people.spodhuis.org/phil.pennock/software/sieve-connect.ChangeLog.txt |