Apache SpamAssassin 3.4.3 has been released!
Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare to move to version 4.0.0 with better, native UTF-8 handling. There are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.3. In this release, there is also one new plugin and there are bug fixes for two CVEs:
- CVE-2019-12420 for Multipart Denial of Service Vulnerability
- CVE-2018-11805 for nefarious CF files can be configured to run system commands without any output or errors.
*** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 signatures. ***