| From: <your@apache.org address here> |
| To: <your@apache.org address here> |
| Bcc: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org, announce@apache.org |
| Reply-to: dev@spamassassin.apache.org |
| Subject: ANNOUNCE: Apache SpamAssassin 3.4.5 available |
| |
| Release Notes -- Apache SpamAssassin -- Version 3.4.5 |
| |
| Introduction |
| ------------ |
| |
| Apache SpamAssassin 3.4.5 is primarily a security release. |
| |
| In this release, there are bug fixes for one CVE. |
| |
| *** On March 1, 2020, we stopped publishing rulesets with SHA-1 signatures. |
| If you do not update to 3.4.2 or later, you will be stuck at the last |
| ruleset with SHA-1 signatures. Such an upgrade should be to 3.4.5 to |
| obtain the contained security fixes *** |
| |
| *** Ongoing development on the 3.4 branch has ceased. All future releases |
| and bug fixes will be on the 4.0 series, unless a new security issue |
| is found that necessitates a 3.4.6 release. *** |
| |
| Many thanks to the committers, contributors, rule testers, mass checkers, |
| and code testers who have made this release possible. |
| |
| Notable features: |
| ================= |
| |
| None noted. |
| |
| |
| Notable changes |
| --------------- |
| |
| In addition to the CVE which shall be announced separately, this release |
| includes fixes for the following: |
| |
| - Improvements to OLEVBMacro and AskDNS plugins |
| - Received and EnvelopeFrom headers matching improvements |
| - userpref SQL schema fixes |
| - rbl and hashbl evaluation improvements |
| - fix for non working TxRep tag names |
| - man page fixes |
| |
| New configuration options |
| ------------------------- |
| |
| None noted. |
| |
| Notable Internal changes |
| ------------------------ |
| |
| None noted. |
| |
| Other updates |
| ------------- |
| |
| None noted. |
| |
| Optimizations |
| ------------- |
| |
| None noted. |
| |
| |
| Downloading and availability |
| ---------------------------- |
| |
| Downloads are available from: |
| |
| https://spamassassin.apache.org/downloads.cgi |
| |
| sha256sum of archive files: |
| |
| 67edf87126af4869c2a42720fc3dbb34ce25285449ef1f3fc1ab712d2e0a5463 Mail-SpamAssassin-3.4.5.tar.bz2 |
| a640842c5f3f468e3a21cbb9c555647306ec77807e57c5744ef0065e4a8675f6 Mail-SpamAssassin-3.4.5.tar.gz |
| b60da76a6ad9178db60c680fa2597f76cdbf1de1393f3e34ea3d76f1168aece6 Mail-SpamAssassin-3.4.5.zip |
| 2690aa131b79788ba756030af8746dd4531ab2c0cb56c0fe469f58d9dd043aad Mail-SpamAssassin-rules-3.4.5.r1887800.tgz |
| |
| sha512sum of archive files: |
| |
| 46096019ef3d2b6dadb7af0d076c22526786cccb669cd4bed131b64fa935863630ca9f3e78277bebba0ed75099be9fbce97a30a6478ed84093896a1ad3d8387a Mail-SpamAssassin-3.4.5.tar.bz2 |
| 76323d8a5be1f5451375adc8b7989f183e72d0fa52848a1356c3b7fb3da9a9328fe9f91bcc941228c2cb91180ed49583a9a8bebf1f00caf7ad898251af3b9ba3 Mail-SpamAssassin-3.4.5.tar.gz |
| f903203f6ce29c14d1589648cb382e805926c62df1e8e9ee47bba78eaf168c133361fff927e40e15fe5592b4989a30e222e469ff72d4a638c179a330102174d1 Mail-SpamAssassin-3.4.5.zip |
| d759ff2d6941a997e0b3f8db189d414c04eb07f63330f074a829bc0de26d8ea6c8c0e8e3d7efaabd0a1cede8ecc645059c7fd83333c1ce5409656e0ca23b06e1 Mail-SpamAssassin-rules-3.4.5.r1887800.tgz |
| |
| Note that the *-rules-*.tgz files are only necessary if you cannot, |
| or do not wish to, run "sa-update" after install to download the latest |
| fresh rules. |
| |
| See the INSTALL and UPGRADE files in the distribution for important |
| installation notes. |
| |
| |
| GPG Verification Procedure |
| -------------------------- |
| The release files also have a .asc accompanying them. The file serves |
| as an external GPG signature for the given release file. The signing |
| key is available via the keys.gnupg.net or keys.openpgp.org key servers, |
| as well as https://www.apache.org/dist/spamassassin/KEYS |
| |
| |
| |
| The following key is used to sign releases after, and including SA 3.3.0: |
| |
| pub 4096R/F7D39814 2009-12-02 |
| Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 |
| uid SpamAssassin Project Management Committee <private@spamassassin.apache.org> |
| uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org> |
| sub 4096R/7B3265A5 2009-12-02 |
| |
| The following key is used to sign rule updates: |
| |
| pub 4096R/5244EC45 2005-12-20 |
| Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45 |
| uid updates.spamassassin.org Signing Key <release@spamassassin.org> |
| sub 4096R/24F434CE 2005-12-20 |
| |
| To verify a release file, download the file with the accompanying .asc |
| file and run the following commands: |
| |
| gpg --verbose --keyserver keys.gnupg.net --recv-key FDE52F40F7D39814 |
| gpg --verify Mail-SpamAssassin-3.4.5.tar.bz2.asc |
| gpg --fingerprint FDE52F40F7D39814 |
| |
| Then verify that the key matches the signature. |
| |
| Note that older versions of gnupg may not be able to complete the steps |
| above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 |
| worked flawlessly. |
| |
| See https://www.apache.org/info/verification.html for more information |
| on verifying Apache releases. |
| |
| |
| About Apache SpamAssassin |
| ------------------------- |
| |
| Apache SpamAssassin is a mature, widely-deployed open source project |
| that serves as a mail filter to identify spam. SpamAssassin uses a |
| variety of mechanisms including mail header and text analysis, Bayesian |
| filtering, DNS blocklists, and collaborative filtering databases. In |
| addition, Apache SpamAssassin has a modular architecture that allows |
| other technologies to be quickly incorporated as an addition or as a |
| replacement for existing methods. |
| |
| Apache SpamAssassin typically runs on a server, classifies and labels |
| spam before it reaches your mailbox, while allowing other components of |
| a mail system to act on its results. |
| |
| Most of the Apache SpamAssassin is written in Perl, with heavily |
| traversed code paths carefully optimized. Benefits are portability, |
| robustness and facilitated maintenance. It can run on a wide variety of |
| POSIX platforms. |
| |
| The server and the Perl library feels at home on Unix and Linux platforms |
| and reportedly also works on MS Windows systems under ActivePerl. |
| |
| For more information, visit https://spamassassin.apache.org/ |
| |
| |
| About The Apache Software Foundation |
| ------------------------------------ |
| |
| Established in 1999, The Apache Software Foundation provides |
| organizational, legal, and financial support for more than 100 |
| freely-available, collaboratively-developed Open Source projects. The |
| pragmatic Apache License enables individual and commercial users to |
| easily deploy Apache software; the Foundation's intellectual property |
| framework limits the legal exposure of its 2,500+ contributors. |
| |
| For more information, visit https://www.apache.org/ |