Projects / fetchmail / Releases

All releases of fetchmail

  •  15 Feb 2010 21:18
Avatar

    Release Notes: A malloc() buffer overrun was resolved, so that SSL/TLS certificate information is now always reported properly. The IMAP client no longer skips messages if fetchmail's "idle" is in use. The SMTP client now recovers from errors when sending an RSET command. Several other IMAP improvements were made. A FreeBSD build warning was resolved. Documentation was improved.

    •  07 Nov 2009 09:54
    Avatar

      Release Notes: A regression causing messages to be left on the server even if softbounce was turned off was fixed. Translations were updated.

      •  05 Oct 2009 20:22
      Avatar

        Release Notes: This release fixes a crash introduced with 6.3.11 when SSL was used in non-verbose mode. It also fixes other minor bugs, and updates translations.

        •  18 Aug 2009 08:39
        Avatar

          Release Notes: This release fixes CVE-2009-2666, a SSL/TLS certificate verification weakness that was prone to NUL injection attacks (related to CVE-2009-2408). Non-printing characters in certificate names are now shown as ANSI-C hex escape sequences. The spurious "message delimiter found while scanning headers" message was removed, as the messages are actually RFC-5322.

          •  31 Jul 2009 20:07
          Avatar

            Release Notes: Permanently undelivered messages are no longer dropped by default. The new "softbounce" global option controls this behavior. Progress tickers were made consistent. Non-delivery notices ("bounce mails") now mention the original reason again. The minimum recommended SMTP (RFC-5321) timeouts are enforced to leave sufficient time for the listener to respond. The comparison of SSL fingerprints is now case-insensitive. Attempts were made to be operational with Yahoo's Zimbra servers. Many other minor modifications and bugfixes were made.

            •  24 Dec 2008 11:54
            Avatar

              Release Notes: A denial of service due to a NULL pointer dereference, reported as CVE-2007-4565, was fixed. A denial of service in extra verbose (-v -v) mode, reported as CVE-2008-2711, was fixed. A severe memory leak on failed SSL connection attempts was stuffed. Several other bugs were fixed. Documentation was improved. Translations were updated.

              •  25 Jun 2008 11:43
              Avatar

                Release Notes: This release fixes denial of service vulnerabilities CVE-2007-4565 and CVE-2008-2711. It also fixes a data loss bug with IMAP in --keep --flush configurations. Fetchmail no longer complains about invalid sslproto when POP3 CAPA probing fails. .fetchids and .fetchmailrc can now be symlinks. fetchmailconf now quotes folder names when writing the configuration. An --sslcommonname option was added to help working with misnamed certificates. Several build systems improvements were made.

                •  07 Apr 2007 08:29
                Avatar

                  Release Notes: APOP was strengthened to make the CVE-2007-1558 attack harder. Repoll without TLS now takes place immediately if a protocol errors occur after an opportunistic TLS handshake failed. A crash when opening the BSMTP output file failed was fixed. BSMTP no longer refuses to work with PS_SOCKET. SOCKS is now listed in --configdump when compiled in. Several documentation fixes and improvements were made. delete-later was added to the contrib/ section.

                  •  19 Feb 2007 06:23
                  Avatar

                    Release Notes: The fixes for the password leak in 6.3.6 unfortunately entailed two regressions: KPOP became non-functional, and a POP3+TLS connection loss would not lead to a retry without TLS if TLS was optional for the connection. These bugs have been fixed.

                    •  06 Jan 2007 02:27
                    Avatar

                      Release Notes: This release fixes a password disclosure vulnerability (CVE-2006-5867) and a crash in certain situations (CVE-2006-5974). It re-reads /etc/resolv.conf at the beginning of a poll cycle, solving DNS issues on computers in changing network environments. The --logfile and --user options had been broken in 6.3.5, and have been repaired. Kerberos/GSSAPI error messages have been improved when support for these systems was not compiled in. Assorted minor fixes have been made.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.