build/announcements/3.4.4.txt - spamassassin - Git at Google

 From: <your@apache.org address here>
 To: <your@apache.org address here>
 Bcc: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org, announce@apache.org
 Reply-to: dev@spamassassin.apache.org
 Subject: ANNOUNCE: Apache SpamAssassin 3.4.4 available

 Release Notes -- Apache SpamAssassin -- Version 3.4.4

 Introduction
 ------------

 Apache SpamAssassin 3.4.4 is primarily a security release.

 In this release, there are bug fixes for two CVEs.

 *** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures.
     If you do not update to 3.4.2 or later, you will be stuck at the last
     ruleset with SHA-1 signatures. ***

 Many thanks to the committers, contributors, rule testers, mass checkers,
 and code testers who have made this release possible.

 Notable features:
 =================

 None noted.


 Notable changes
 ---------------

 In addition to two CVEs which shall be announced separately, this release
 includes fixes for the following:

   - Improvements to OLEVBMacro
   - Fix for CRLF handling with SpamAssMilter & DKIM
   - Small fix for a regexp to provide Perl 5.8.x compatability again
   - Increased fns_extrachars default value to 50
   - Fixed nosubject and maxhits tflags when sa-compile is used
   - Limited the Bayes parsed token count
   - Improvements to whitespace trimming

 New configuration options
 -------------------------

 None noted.

 Notable Internal changes
 ------------------------

 None noted.

 Other updates
 -------------

 None noted.

 Optimizations
 -------------

 None noted.


 Downloading and availability
 ----------------------------

 Downloads are available from:

 https://spamassassin.apache.org/downloads.cgi

 sha256sum of archive files:

   4e2bc79e24cdbb3d8262e6ec4f5bb3dde670de9caaa739d50c698b6d45ac453d  Mail-SpamAssassin-3.4.4.tar.bz2
   8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60  Mail-SpamAssassin-3.4.4.tar.gz
   e2fe48929cc35afc28fb9fc7d8c7c42e9e457c560dfaf0f9c3aa27b850e5de7a  Mail-SpamAssassin-3.4.4.zip
   d4cbd90fa22b9104ee095d1fe08a9d1cd3b3a0f6022c52214c025443ffffe241  Mail-SpamAssassin-rules-3.4.4.r1873061.tgz

 sha512sum of archive files:

   7dfd0cf3426df683f608218da8881538a24e833024f2a1eb0f8513bdf3e4bc6ac48198c4f380efe024a01ae7b6a5ab9d76205cec185d0e4818f1cc79bda0ea3f  Mail-SpamAssassin-3.4.4.tar.bz2
   b6efa1c733ddf810b189ec69445faeae6488ee2671f87f56b49ec3bf85690bf7950aa5ce251c1f1371b2bbe4fb88dbce0a162c9a24a48ed5e6584f9019611552  Mail-SpamAssassin-3.4.4.tar.gz
   50328424785147ab9ddfead48e7c555b87043364fe4bf3c3e891a0aa1e4c8684fb30cae4897d2b2f618b41905f793b2a65d19d9bd01b04adafef771af40ab96f  Mail-SpamAssassin-3.4.4.zip
   cc2f6949db4662cdcaf5dcef922e69d18320a591deb7fb98c1fb729d91d37f5164052ab6cd2e294657334874fbfc0cccdefc750910e0453cb8da0b3f263b3ede  Mail-SpamAssassin-rules-3.4.4.r1873061.tgz

 Note that the *-rules-*.tgz files are only necessary if you cannot,
 or do not wish to, run "sa-update" after install to download the latest
 fresh rules.

 See the INSTALL and UPGRADE files in the distribution for important
 installation notes.


 GPG Verification Procedure
 --------------------------
 The release files also have a .asc accompanying them.  The file serves
 as an external GPG signature for the given release file.  The signing
 key is available via the wwwkeys.pgp.net key server, as well as
 https://www.apache.org/dist/spamassassin/KEYS


 The following key is used to sign releases after, and including SA 3.3.0:

 pub   4096R/F7D39814 2009-12-02
       Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
 uid                  SpamAssassin Project Management Committee <private@spamassassin.apache.org>
 uid                  SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
 sub   4096R/7B3265A5 2009-12-02

 The following key is used to sign rule updates:

 pub   4096R/5244EC45 2005-12-20
       Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78  DFDC 4056 A61A 5244 EC45
 uid                  updates.spamassassin.org Signing Key <release@spamassassin.org>
 sub   4096R/24F434CE 2005-12-20

 To verify a release file, download the file with the accompanying .asc
 file and run the following commands:

   gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
   gpg --verify Mail-SpamAssassin-3.4.4.tar.bz2.asc
   gpg --fingerprint F7D39814

 Then verify that the key matches the signature.

 Note that older versions of gnupg may not be able to complete the steps
 above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
 worked flawlessly.

 See https://www.apache.org/info/verification.html for more information
 on verifying Apache releases.


 About Apache SpamAssassin
 -------------------------

 Apache SpamAssassin is a mature, widely-deployed open source project
 that serves as a mail filter to identify spam. SpamAssassin uses a
 variety of mechanisms including mail header and text analysis, Bayesian
 filtering, DNS blocklists, and collaborative filtering databases. In
 addition, Apache SpamAssassin has a modular architecture that allows
 other technologies to be quickly incorporated as an addition or as a
 replacement for existing methods.

 Apache SpamAssassin typically runs on a server, classifies and labels
 spam before it reaches your mailbox, while allowing other components of
 a mail system to act on its results.

 Most of the Apache SpamAssassin is written in Perl, with heavily
 traversed code paths carefully optimized. Benefits are portability,
 robustness and facilitated maintenance. It can run on a wide variety of
 POSIX platforms.

 The server and the Perl library feels at home on Unix and Linux platforms
 and reportedly also works on MS Windows systems under ActivePerl.

 For more information, visit https://spamassassin.apache.org/


 About The Apache Software Foundation
 ------------------------------------

 Established in 1999, The Apache Software Foundation provides
 organizational, legal, and financial support for more than 100
 freely-available, collaboratively-developed Open Source projects. The
 pragmatic Apache License enables individual and commercial users to
 easily deploy Apache software; the Foundation's intellectual property
 framework limits the legal exposure of its 2,500+ contributors.

 For more information, visit https://www.apache.org/
	From: <your@apache.org address here>
	To: <your@apache.org address here>
	Bcc: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org, announce@apache.org
	Reply-to: dev@spamassassin.apache.org
	Subject: ANNOUNCE: Apache SpamAssassin 3.4.4 available

	Release Notes -- Apache SpamAssassin -- Version 3.4.4

	Introduction
	------------

	Apache SpamAssassin 3.4.4 is primarily a security release.

	In this release, there are bug fixes for two CVEs.

	*** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures.
	If you do not update to 3.4.2 or later, you will be stuck at the last
	ruleset with SHA-1 signatures. ***

	Many thanks to the committers, contributors, rule testers, mass checkers,
	and code testers who have made this release possible.

	Notable features:
	=================

	None noted.


	Notable changes
	---------------

	In addition to two CVEs which shall be announced separately, this release
	includes fixes for the following:

	- Improvements to OLEVBMacro
	- Fix for CRLF handling with SpamAssMilter & DKIM
	- Small fix for a regexp to provide Perl 5.8.x compatability again
	- Increased fns_extrachars default value to 50
	- Fixed nosubject and maxhits tflags when sa-compile is used
	- Limited the Bayes parsed token count
	- Improvements to whitespace trimming

	New configuration options
	-------------------------

	None noted.

	Notable Internal changes
	------------------------

	None noted.

	Other updates
	-------------

	None noted.

	Optimizations
	-------------

	None noted.


	Downloading and availability
	----------------------------

	Downloads are available from:

	https://spamassassin.apache.org/downloads.cgi

	sha256sum of archive files:

	4e2bc79e24cdbb3d8262e6ec4f5bb3dde670de9caaa739d50c698b6d45ac453d Mail-SpamAssassin-3.4.4.tar.bz2
	8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60 Mail-SpamAssassin-3.4.4.tar.gz
	e2fe48929cc35afc28fb9fc7d8c7c42e9e457c560dfaf0f9c3aa27b850e5de7a Mail-SpamAssassin-3.4.4.zip
	d4cbd90fa22b9104ee095d1fe08a9d1cd3b3a0f6022c52214c025443ffffe241 Mail-SpamAssassin-rules-3.4.4.r1873061.tgz

	sha512sum of archive files:

	7dfd0cf3426df683f608218da8881538a24e833024f2a1eb0f8513bdf3e4bc6ac48198c4f380efe024a01ae7b6a5ab9d76205cec185d0e4818f1cc79bda0ea3f Mail-SpamAssassin-3.4.4.tar.bz2
	b6efa1c733ddf810b189ec69445faeae6488ee2671f87f56b49ec3bf85690bf7950aa5ce251c1f1371b2bbe4fb88dbce0a162c9a24a48ed5e6584f9019611552 Mail-SpamAssassin-3.4.4.tar.gz
	50328424785147ab9ddfead48e7c555b87043364fe4bf3c3e891a0aa1e4c8684fb30cae4897d2b2f618b41905f793b2a65d19d9bd01b04adafef771af40ab96f Mail-SpamAssassin-3.4.4.zip
	cc2f6949db4662cdcaf5dcef922e69d18320a591deb7fb98c1fb729d91d37f5164052ab6cd2e294657334874fbfc0cccdefc750910e0453cb8da0b3f263b3ede Mail-SpamAssassin-rules-3.4.4.r1873061.tgz

	Note that the -rules-.tgz files are only necessary if you cannot,
	or do not wish to, run "sa-update" after install to download the latest
	fresh rules.

	See the INSTALL and UPGRADE files in the distribution for important
	installation notes.


	GPG Verification Procedure
	--------------------------
	The release files also have a .asc accompanying them. The file serves
	as an external GPG signature for the given release file. The signing
	key is available via the wwwkeys.pgp.net key server, as well as
	https://www.apache.org/dist/spamassassin/KEYS



	The following key is used to sign releases after, and including SA 3.3.0:

	pub 4096R/F7D39814 2009-12-02
	Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
	uid SpamAssassin Project Management Committee <private@spamassassin.apache.org>
	uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
	sub 4096R/7B3265A5 2009-12-02

	The following key is used to sign rule updates:

	pub 4096R/5244EC45 2005-12-20
	Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45
	uid updates.spamassassin.org Signing Key <release@spamassassin.org>
	sub 4096R/24F434CE 2005-12-20

	To verify a release file, download the file with the accompanying .asc
	file and run the following commands:

	gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
	gpg --verify Mail-SpamAssassin-3.4.4.tar.bz2.asc
	gpg --fingerprint F7D39814

	Then verify that the key matches the signature.

	Note that older versions of gnupg may not be able to complete the steps
	above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
	worked flawlessly.

	See https://www.apache.org/info/verification.html for more information
	on verifying Apache releases.


	About Apache SpamAssassin
	-------------------------

	Apache SpamAssassin is a mature, widely-deployed open source project
	that serves as a mail filter to identify spam. SpamAssassin uses a
	variety of mechanisms including mail header and text analysis, Bayesian
	filtering, DNS blocklists, and collaborative filtering databases. In
	addition, Apache SpamAssassin has a modular architecture that allows
	other technologies to be quickly incorporated as an addition or as a
	replacement for existing methods.

	Apache SpamAssassin typically runs on a server, classifies and labels
	spam before it reaches your mailbox, while allowing other components of
	a mail system to act on its results.

	Most of the Apache SpamAssassin is written in Perl, with heavily
	traversed code paths carefully optimized. Benefits are portability,
	robustness and facilitated maintenance. It can run on a wide variety of
	POSIX platforms.

	The server and the Perl library feels at home on Unix and Linux platforms
	and reportedly also works on MS Windows systems under ActivePerl.

	For more information, visit https://spamassassin.apache.org/


	About The Apache Software Foundation
	------------------------------------

	Established in 1999, The Apache Software Foundation provides
	organizational, legal, and financial support for more than 100
	freely-available, collaboratively-developed Open Source projects. The
	pragmatic Apache License enables individual and commercial users to
	easily deploy Apache software; the Foundation's intellectual property
	framework limits the legal exposure of its 2,500+ contributors.

	For more information, visit https://www.apache.org/