I’m sure we have a few Mailcow users here. I just wanted to alert you to an update that is needed. There is a vulnerability but it does require authenticated users, so this is most important if you provide it to clients and/or share an instance with others.
The vulnerability allows commands to be injected in an imapsync job. Again, this requires an authenticated Mailcow user, and is not a public facing vulnerability.
Relevant commit: [Compose] Update Dovecot and Postfix images · mailcow/mailcow-dockerized@1328815 · GitHub