You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by km...@apache.org on 2020/01/25 02:04:07 UTC
svn commit: r1873122 -
/spamassassin/branches/3.4/build/announcements/3.4.4.txt
Author: kmcgrail
Date: Sat Jan 25 02:04:07 2020
New Revision: 1873122
URL: http://svn.apache.org/viewvc?rev=1873122&view=rev
Log:
preparing announcement for 3.4.4
Added:
spamassassin/branches/3.4/build/announcements/3.4.4.txt
- copied, changed from r1873120, spamassassin/branches/3.4/build/announcements/3.4.3.txt
Copied: spamassassin/branches/3.4/build/announcements/3.4.4.txt (from r1873120, spamassassin/branches/3.4/build/announcements/3.4.3.txt)
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/build/announcements/3.4.4.txt?p2=spamassassin/branches/3.4/build/announcements/3.4.4.txt&p1=spamassassin/branches/3.4/build/announcements/3.4.3.txt&r1=1873120&r2=1873122&rev=1873122&view=diff
==============================================================================
--- spamassassin/branches/3.4/build/announcements/3.4.3.txt (original)
+++ spamassassin/branches/3.4/build/announcements/3.4.4.txt Sat Jan 25 02:04:07 2020
@@ -2,19 +2,16 @@ From: <your@apache.org address here>
To: <your@apache.org address here>
Bcc: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org, announce@apache.org
Reply-to: dev@spamassassin.apache.org
-Subject: ANNOUNCE: Apache SpamAssassin 3.4.3 available
+Subject: ANNOUNCE: Apache SpamAssassin 3.4.4 available
-Release Notes -- Apache SpamAssassin -- Version 3.4.3
+Release Notes -- Apache SpamAssassin -- Version 3.4.4
Introduction
------------
-Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we
-prepare to move to version 4.0.0 with better, native UTF-8 handling.
+Apache SpamAssassin 3.4.4 is primarily a security release.
-There are a number of functional patches, improvements as well as security
-reasons to upgrade to 3.4.3. In this release, there are bug fixes for two
-CVEs.
+In this release, there are bug fixes for two CVEs.
*** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures.
If you do not update to 3.4.2 or later, you will be stuck at the last
@@ -23,103 +20,30 @@ CVEs.
Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.
-Happy Birthday
---------------
-Apache SpamAssassin turned 18 on September 5th, 2019.
-
-Now in its 18th year, 15 of which as an Apache project, SpamAssassin is the
-world's most popular email anti-spam platform. Apache SpamAssassin can be
-used on a wide variety of email systems including Postfix, procmail, qmail,
-sendmail, and more.
-
-It serves as the spam-filtering and detection solution for numerous ISPs and
-hosting providers, and is integrated in commercial software including Plesk,
-cPanel, Vesta Control Panel, and many others.
-
-SpamAssassin was originally created by Justin Mason, who had maintained a
-number of patches against an earlier program named filter.plx by Mark
-Jeftovic, which began in August 1997. Mason rewrote all of Jeftovic's code
-from scratch and uploaded the resulting codebase to SourceForge on April 20,
-2001. SpamAssassin entered the Apache Incubator in December 2003 and
-graduated as an Apache Top-Level Project in June 2004.
-
Notable features:
=================
-New plugins
------------
-There is 1 new plugin added with this release:
-
-# OLEVBMacro - Detects both OLE macros and VB code inside Office documents
-#
-# It tries to discern between safe and malicious code but due to the threat
-# macros present to security, many places block these type of documents
-# outright.
-#
-# For this plugin to work, Archive::Zip and IO::String modules are required.
-# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
-
-
-This plugin is disabled by default. To enable, uncomment the loadplugin
-configuration options in file v343.pre, or add it to some local .pre file
-such as local.pre.
+None noted.
+
Notable changes
---------------
-Safer and faster scanning of large emails using body_part_scan_size and
-rawbody_part_scan_size settings.
-
-New tflag "nosubject" for 'body' rules, to stop matching the Subject header
-which is part of the body text.
-
-Two CVE security bug fixes are included in this release:
-
- CVE-2019-12420 for Multipart Denial of Service Vulnerability
+In addition to two CVEs which shall be announced separately, this release
+includes fixes for the following:
- CVE-2018-11805 for nefarious CF files can be configured to
- run system commands without any output or errors.
-
-Security updates include deprecation of the unsafe sa-update '--allowplugins'
-option, which now prints a warning that '--reallyallowplugins' is required
-to use it.
+ - Improvements to OLEVBMacro
+ - Fix for CRLF handling with SpamAssMilter & DKIM
+ - Small fix for a regexp to provide Perl 5.8.x compatability again
+ - Increased fns_extrachars default value to 50
+ - Fixed nosubject and maxhits tflags when sa-compile is used
+ - Limited the Bayes parsed token count
+ - Improvements to whitespace trimming
New configuration options
-------------------------
-A new subjprefix keyword used to add a prefix to the subject of the
-email if a rule is matched.
-
-A new template tag _SUBJPREFIX_ that maps to the subject prefix that
-has been added by the subjprefix keyword.
-
-A new template tag _SUBTESTSCOLLAPSED(,)_ that maps to subtests that
-hits with duplicated rules collapsed.
-
-A config option rbl_headers has been added to DNSEval plugin,
-this option is used to specify in which headers check_rbl_headers
-should check for content used to query the specified rbl.
-
-A new check_rbl_ns_from function has been added to check
-the dns server of the from addrs domain name against a specific rbl.
-
-A new check_rbl_rcvd function has been added to check
-all received headers domains or ip addresses against a
-specific rbl.
-
-New options has been added to check_hashbl_emails function
-has been added; it is now possible to specify in which headers
-the function should check for content used to query the
-specified rbl and an acl to filter the email addresses the rule
-should apply.
-
-A new check_hashbl_bodyre function has been added, it is now possible
-to search body for matching regexp and query the string captured
-against the specified rbl.
-
-A new check_hashbl_uris function has been added, it is now possible
-to match uris in email's body and query the uris against the
-specified rbl.
+None noted.
Notable Internal changes
------------------------
@@ -144,19 +68,7 @@ Downloads are available from:
https://spamassassin.apache.org/downloads.cgi
-sha256sum of archive files:
-
- a5b8fde50e468be8b36b90f5c39b19dfea947d6184a06cbf6dd16bf97265008d Mail-SpamAssassin-3.4.3.tar.bz2
- bb3adac71b2a5b69d584ee9843460f61c62da0bb7441c4007cc741b404ad27b8 Mail-SpamAssassin-3.4.3.tar.gz
- 3f4e55e8b4f2420c6d0b30850acd6cfb8808c7e559e0a9168b93950ca5289e86 Mail-SpamAssassin-3.4.3.zip
- d4804c19c5ee2065443fa09e3940462daa48481dfa9d4a1d95e2683d75c7c7d9 Mail-SpamAssassin-rules-3.4.3.r1871124.tgz
-
-sha512sum of archive files:
-
- 4d50b30a42d318c3a4c868b4940d1f56c329cc501270df12e1a369dd7de670c30f328a5fbc37dbd3b0d06538b9500085e920939c62de80ad6d8740bc47162cb0 Mail-SpamAssassin-3.4.3.tar.bz2
- d2fd657d3c20273b0c06cb1da083d757d3f2a7f60c7ed6e6ad8f98e6df33c9c5f3824f0531abf5dbc32b0dde22979d7d671231fa2ef0d8b073ea6804c5de0c3a Mail-SpamAssassin-3.4.3.tar.gz
- 608d8db07e08475e8eba42584fbff95210539e34fdfdc62cc8112d8aa42e88a7537be5bc1c624d5dd9aadce717c459407e64f1b56592ac743051d2c31e817d14 Mail-SpamAssassin-3.4.3.zip
- 2089bd97798c64fec8dea127cc12fbd9d9647bfe42c056a7674c7e9f85bb9e29ad73f741317ec74824016192736d57f16f70ff9bfd1eac0a8de747e417e3175f Mail-SpamAssassin-rules-3.4.3.r1871124.tgz
+ XXX - To be added when built
Note that the *-rules-*.tgz files are only necessary if you cannot,
or do not wish to, run "sa-update" after install to download the latest
@@ -194,7 +106,7 @@ To verify a release file, download the f
file and run the following commands:
gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
- gpg --verify Mail-SpamAssassin-3.4.3.tar.bz2.asc
+ gpg --verify Mail-SpamAssassin-3.4.4.tar.bz2.asc
gpg --fingerprint F7D39814
Then verify that the key matches the signature.