Release Notes: A malloc() buffer overrun was resolved, so that SSL/TLS certificate information is now always reported properly. The IMAP client no longer skips messages if fetchmail's "idle" is in use. The SMTP client now recovers from errors when sending an RSET command. Several other IMAP improvements were made. A FreeBSD build warning was resolved. Documentation was improved.
Release Notes: A regression causing messages to be left on the server even if softbounce was turned off was fixed. Translations were updated.
Release Notes: This release fixes a crash introduced with 6.3.11 when SSL was used in non-verbose mode. It also fixes other minor bugs, and updates translations.
Release Notes: This release fixes CVE-2009-2666, a SSL/TLS certificate verification weakness that was prone to NUL injection attacks (related to CVE-2009-2408). Non-printing characters in certificate names are now shown as ANSI-C hex escape sequences. The spurious "message delimiter found while scanning headers" message was removed, as the messages are actually RFC-5322.
Release Notes: Permanently undelivered messages are no longer dropped by default. The new "softbounce" global option controls this behavior. Progress tickers were made consistent. Non-delivery notices ("bounce mails") now mention the original reason again. The minimum recommended SMTP (RFC-5321) timeouts are enforced to leave sufficient time for the listener to respond. The comparison of SSL fingerprints is now case-insensitive. Attempts were made to be operational with Yahoo's Zimbra servers. Many other minor modifications and bugfixes were made.
Release Notes: A denial of service due to a NULL pointer dereference, reported as CVE-2007-4565, was fixed. A denial of service in extra verbose (-v -v) mode, reported as CVE-2008-2711, was fixed. A severe memory leak on failed SSL connection attempts was stuffed. Several other bugs were fixed. Documentation was improved. Translations were updated.
Release Notes: This release fixes denial of service vulnerabilities CVE-2007-4565 and CVE-2008-2711. It also fixes a data loss bug with IMAP in --keep --flush configurations. Fetchmail no longer complains about invalid sslproto when POP3 CAPA probing fails. .fetchids and .fetchmailrc can now be symlinks. fetchmailconf now quotes folder names when writing the configuration. An --sslcommonname option was added to help working with misnamed certificates. Several build systems improvements were made.
Release Notes: APOP was strengthened to make the CVE-2007-1558 attack harder. Repoll without TLS now takes place immediately if a protocol errors occur after an opportunistic TLS handshake failed. A crash when opening the BSMTP output file failed was fixed. BSMTP no longer refuses to work with PS_SOCKET. SOCKS is now listed in --configdump when compiled in. Several documentation fixes and improvements were made. delete-later was added to the contrib/ section.
Release Notes: The fixes for the password leak in 6.3.6 unfortunately entailed two regressions: KPOP became non-functional, and a POP3+TLS connection loss would not lead to a retry without TLS if TLS was optional for the connection. These bugs have been fixed.
Release Notes: This release fixes a password disclosure vulnerability (CVE-2006-5867) and a crash in certain situations (CVE-2006-5974). It re-reads /etc/resolv.conf at the beginning of a poll cycle, solving DNS issues on computers in changing network environments. The --logfile and --user options had been broken in 6.3.5, and have been repaired. Kerberos/GSSAPI error messages have been improved when support for these systems was not compiled in. Assorted minor fixes have been made.