Release Notes: Trusted user security has been added. A storage driver abstraction layer + API has been added with drivers for MySQL, libdb4, and libdb3. A dspam_merge tool has been created for creating seeded dictionaries.
Release Notes: Security was enhanced by means of trusted users, argument overrides, and additional data integrity checks. Restricted non-trusted access to certain commandline flags (such as changing their effective dspam user ID) and passthru arguments to avoid hijacking other tools that dspam calls (such as the local delivery agent) have been added. The user recognition and user passthru approach has also been changed in an effort to decrease confusion about passing the userid to the delivery agent, and therefore some configuration changes will need to be made prior to upgrading.
Release Notes: This release has command line checking for insecure characters in passthrough parameters.
Release Notes: A permissions-related security vulnerability has been fixed. Potentially insecure functions are disabled unless --enable-insecure-functions is explicitly used at configure time. The locking mechanism has been reworked to support multiple dspam agents sharing an NFS disk to function correctly. A minor quoted-printable parsing bug has been fixed. Perl tools and CGIs have been recoded to adopt --prefix information from configure. A bug in fixing "From" header corruption in some implementations has been fixed. A minor miscalculation in false positive reporting has been fixed.