Support for legacy SSLv2 and SSLv3 protocols has been removed
These protocols were previously enabled by default, but could be disabled by removing them from tls_versions in imapd.conf(5). They are now completely unsupported.
Administrators needing to support these protocols may find a patch in contrib/allow-broken-sslv23.patch. With this patch, SSLv2 and SSLv3 will be disabled by default, but can be enabled by adding them to tls_versions. Users of this patch do so at their own risk.
Support for TLS compression has been removed (thanks Ondřej Surý)
This was previously disabled by default, but could be enabled with tls_compression in imapd.conf(5). It is now completely unsupported.
A number of patches from Debian’s repository have been merged. Thanks to the various developers who contributed them to the Debian project, and to Ondřej Surý for collating and sending them upstream.
collectnews!:*:Tf,WO:collectnews
This behavior can be turned off by a configuration option imapd.conf--which may be desirable because of certain clients that ask for a "mail directory" setting for IMAP which will now cause problems when it was ignored before. (The default is for the reference argument to be honored.)