There is a important security release of Courier-Auth, in the older versions Courier-Auth has an SQL injection exploit. This release should prevent any further security threaths. This release has the following changes:

  • Use mysql_set_character_set() instead of SET NAMES. This fixes a SQL injection possibility with MySQL databases that use non-Latin character sets.

This bug will affect you and I advise you to upgrade as soon as possible. I’ve upgraded al servers without a problem. If you want to upgrade your installation please read my upgrade instructions for Courier-auth.