• Session ID is now included by default in auth and login process log lines. It can be added to mail processes also by adding %{session} to mail_log_prefix.
• Added ssl_require_crl setting, which specifies if CRL check must be successful when verifying client certificates.
• Added mail_shared_explicit_inbox setting to specify if a shared INBOX should be accessible as “shared/$user” or “shared/$user/INBOX”.
• v2.1.5: Using “~/” as mail_location or elsewhere failed to actually expand it to home directory.
• dbox: Fixed potential assert-crash when reading dbox files.
• trash plugin: Fixed behavior when quota is already over limit.
• mail_log plugin: Logging “copy” event didn’t work.
• Proxying to backend server with SSL: Verifying server certificate
  name always failed, because it was compared to an IP address.

And here are the upgrade instructions for Dovecot!

• Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
• Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
• Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

I will try my utmost to keep everything up to date as much as possible as I know many of you use the information provided and there are still new people joining in. Currently I’m current with all the software but my WordPress installation is way behind and I desperately need to upgrade and I need to do something about the forums which have bee disabled because the spam was getting beyond managing manually.

Everybody: Thanks for all the support, that was and is the main thing I keep running this site.

• Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
• Add open_basedir checks to readline_write_history and readline_read_history.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

For compiling read the last update and the additional notes that followed.

• IMAP: When neither the session nor the mailbox has modseq tracking enabled, return the mailbox as having NOMODSEQ in SELECT/EXAMINE reply. Old versions in this situation always simply returned HIGHESTMODSEQ as 1, which could have broken some clients.
• dict file: Added optional fcntl/flock locking (default is dotlock)
• fts-solr: doveadm fts rescan now resets indexes, which allows reindexing mails. (This isn’t a full rescan implementation like fts-lucene has.)
• doveadm expunge: Added -d parameter to delete mailbox if it’s empty after expunging.
• IMAP: Several fixes related to mailbox listing in some configs
• director: A lot of fixes and performance improvements
• v2.1.4 didn’t work without a mail home directory set
• mbox: Deleting a mailbox didn’t delete its index files.
• pop3c: TOP command was sent incorrectly
• trash plugin didn’t work properly
• LMTP: Don’t add a duplicate Return-Path: header when proxying.
• listescape: Don’t unescape namespace prefixes.

And here are the upgrade instructions for Dovecot!

./configure
make
sudo make install

The other thing I missed was the new release of Xcode. Apple released a new version of Xcode 4.3.2 which has a new method of installing. Instead of downloading the Installer from the App Store you can now install Xcode directly from the App Store. However somehow i think they needed to make the package smaller and they left out some the for us essential parts. Luckily its all still free. If you install Xcode from the App Store you need to perform some follow up actions to make it work. Startup Xcode, then let Xcode uninstall the older version, go to the preferences and go for the download tab.

Then select to install the command line tools. Use your apple-id and password to make it happen. After this you’ll be up and running in no time.

Update: If you have a developer account and can login to http://developer.apple.com you can also download the command line tools as a standalone package. Go to the download section and try it there. I’ve got the full Xcode installation as I sometimes try to write that one iPhone app that will make me a millionaire. Let me know if this works for you.

You can check the instructions on what to do here Upgrading ClamAV.

There is no need to reconfigure anything.

For those that are interested. This version of ClamAV has on access scanning available under OS X 10.5 and later. For more information please check the ClamAV website here -> http://www.clamav.net/lang/en/2012/03/21/on-access-scanning-for-os-x/

Some of the key new features include (copied from the PHP website):
traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.

For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between those releases and PHP 5.4.0.

For instructions on how to upgrade your PHP installation please read: Upgrading PHP.

• Initial implementation of dsync-based replication. For now this should be used only on non-critical systems.
• Proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension.
• Proxying: proxy_maybe=yes with host= (instead of IP) works now properly.
• Proxying: Added auth_proxy_self setting
• Proxying: Added proxy_always extra field (see wiki docs)
• Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain).
• + Added a “session ID” string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID is can be reused after a long time (currently a bit under 9 years).
• passdb checkpassword: Support “credentials lookups” (for non-plaintext auth and for lmtp_proxy lookups)
• fts: Added fts_index_timeout setting to abort search if indexing hasn’t finished by then (default is to wait forever).
• doveadm sync: If mailbox was expunged empty, messages may have become back instead of also being expunged in the other side.
• director: If user logged into two directors while near user expiration, the directors might have redirected the user to two different backends.
• imap_id_* settings were ignored before login.
• Several fixes to mailbox_list_index=yes
• Previous v2.1.x didn’t log all messages at shutdown.
• mbox: Fixed accessing Dovecot v1.x mbox index files without errors.

And as usual here are the upgrade instructions for Dovecot!