There is a reasonably serious problem with dovecot security: https://threatpost.com/email-bug-message-snooping-credential-theft/167125/ <https://threatpost.com/email-bug-message-snooping-credential-theft/167125/> which has been made public since June 21. It does require a man-in-the-middle attack, so it is not that easy to exploit, but it is pretty serious as it breaches credentials.
I have created a ticket in trac for the maintainers (as well as this message here) as I did know where I should inform the maintainers. Yours, Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A Enterprise Architecture <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
