| From: <your@apache.org address here> |
| To: <your@apache.org address here> |
| Bcc: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org, announce@apache.org |
| Reply-to: dev@spamassassin.apache.org |
| Subject: ANNOUNCE: Apache SpamAssassin 3.4.4 available |
| |
| Release Notes -- Apache SpamAssassin -- Version 3.4.4 |
| |
| Introduction |
| ------------ |
| |
| Apache SpamAssassin 3.4.4 is primarily a security release. |
| |
| In this release, there are bug fixes for two CVEs. |
| |
| *** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures. |
| If you do not update to 3.4.2 or later, you will be stuck at the last |
| ruleset with SHA-1 signatures. *** |
| |
| Many thanks to the committers, contributors, rule testers, mass checkers, |
| and code testers who have made this release possible. |
| |
| Notable features: |
| ================= |
| |
| None noted. |
| |
| |
| Notable changes |
| --------------- |
| |
| In addition to two CVEs which shall be announced separately, this release |
| includes fixes for the following: |
| |
| - Improvements to OLEVBMacro |
| - Fix for CRLF handling with SpamAssMilter & DKIM |
| - Small fix for a regexp to provide Perl 5.8.x compatability again |
| - Increased fns_extrachars default value to 50 |
| - Fixed nosubject and maxhits tflags when sa-compile is used |
| - Limited the Bayes parsed token count |
| - Improvements to whitespace trimming |
| |
| New configuration options |
| ------------------------- |
| |
| None noted. |
| |
| Notable Internal changes |
| ------------------------ |
| |
| None noted. |
| |
| Other updates |
| ------------- |
| |
| None noted. |
| |
| Optimizations |
| ------------- |
| |
| None noted. |
| |
| |
| Downloading and availability |
| ---------------------------- |
| |
| Downloads are available from: |
| |
| https://spamassassin.apache.org/downloads.cgi |
| |
| sha256sum of archive files: |
| |
| 4e2bc79e24cdbb3d8262e6ec4f5bb3dde670de9caaa739d50c698b6d45ac453d Mail-SpamAssassin-3.4.4.tar.bz2 |
| 8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60 Mail-SpamAssassin-3.4.4.tar.gz |
| e2fe48929cc35afc28fb9fc7d8c7c42e9e457c560dfaf0f9c3aa27b850e5de7a Mail-SpamAssassin-3.4.4.zip |
| d4cbd90fa22b9104ee095d1fe08a9d1cd3b3a0f6022c52214c025443ffffe241 Mail-SpamAssassin-rules-3.4.4.r1873061.tgz |
| |
| sha512sum of archive files: |
| |
| 7dfd0cf3426df683f608218da8881538a24e833024f2a1eb0f8513bdf3e4bc6ac48198c4f380efe024a01ae7b6a5ab9d76205cec185d0e4818f1cc79bda0ea3f Mail-SpamAssassin-3.4.4.tar.bz2 |
| b6efa1c733ddf810b189ec69445faeae6488ee2671f87f56b49ec3bf85690bf7950aa5ce251c1f1371b2bbe4fb88dbce0a162c9a24a48ed5e6584f9019611552 Mail-SpamAssassin-3.4.4.tar.gz |
| 50328424785147ab9ddfead48e7c555b87043364fe4bf3c3e891a0aa1e4c8684fb30cae4897d2b2f618b41905f793b2a65d19d9bd01b04adafef771af40ab96f Mail-SpamAssassin-3.4.4.zip |
| cc2f6949db4662cdcaf5dcef922e69d18320a591deb7fb98c1fb729d91d37f5164052ab6cd2e294657334874fbfc0cccdefc750910e0453cb8da0b3f263b3ede Mail-SpamAssassin-rules-3.4.4.r1873061.tgz |
| |
| Note that the *-rules-*.tgz files are only necessary if you cannot, |
| or do not wish to, run "sa-update" after install to download the latest |
| fresh rules. |
| |
| See the INSTALL and UPGRADE files in the distribution for important |
| installation notes. |
| |
| |
| GPG Verification Procedure |
| -------------------------- |
| The release files also have a .asc accompanying them. The file serves |
| as an external GPG signature for the given release file. The signing |
| key is available via the wwwkeys.pgp.net key server, as well as |
| https://www.apache.org/dist/spamassassin/KEYS |
| |
| |
| |
| The following key is used to sign releases after, and including SA 3.3.0: |
| |
| pub 4096R/F7D39814 2009-12-02 |
| Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 |
| uid SpamAssassin Project Management Committee <private@spamassassin.apache.org> |
| uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org> |
| sub 4096R/7B3265A5 2009-12-02 |
| |
| The following key is used to sign rule updates: |
| |
| pub 4096R/5244EC45 2005-12-20 |
| Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45 |
| uid updates.spamassassin.org Signing Key <release@spamassassin.org> |
| sub 4096R/24F434CE 2005-12-20 |
| |
| To verify a release file, download the file with the accompanying .asc |
| file and run the following commands: |
| |
| gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814 |
| gpg --verify Mail-SpamAssassin-3.4.4.tar.bz2.asc |
| gpg --fingerprint F7D39814 |
| |
| Then verify that the key matches the signature. |
| |
| Note that older versions of gnupg may not be able to complete the steps |
| above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 |
| worked flawlessly. |
| |
| See https://www.apache.org/info/verification.html for more information |
| on verifying Apache releases. |
| |
| |
| About Apache SpamAssassin |
| ------------------------- |
| |
| Apache SpamAssassin is a mature, widely-deployed open source project |
| that serves as a mail filter to identify spam. SpamAssassin uses a |
| variety of mechanisms including mail header and text analysis, Bayesian |
| filtering, DNS blocklists, and collaborative filtering databases. In |
| addition, Apache SpamAssassin has a modular architecture that allows |
| other technologies to be quickly incorporated as an addition or as a |
| replacement for existing methods. |
| |
| Apache SpamAssassin typically runs on a server, classifies and labels |
| spam before it reaches your mailbox, while allowing other components of |
| a mail system to act on its results. |
| |
| Most of the Apache SpamAssassin is written in Perl, with heavily |
| traversed code paths carefully optimized. Benefits are portability, |
| robustness and facilitated maintenance. It can run on a wide variety of |
| POSIX platforms. |
| |
| The server and the Perl library feels at home on Unix and Linux platforms |
| and reportedly also works on MS Windows systems under ActivePerl. |
| |
| For more information, visit https://spamassassin.apache.org/ |
| |
| |
| About The Apache Software Foundation |
| ------------------------------------ |
| |
| Established in 1999, The Apache Software Foundation provides |
| organizational, legal, and financial support for more than 100 |
| freely-available, collaboratively-developed Open Source projects. The |
| pragmatic Apache License enables individual and commercial users to |
| easily deploy Apache software; the Foundation's intellectual property |
| framework limits the legal exposure of its 2,500+ contributors. |
| |
| For more information, visit https://www.apache.org/ |