Release Notes: The MTA accessed storage after it free()d it. This was a regression introduced in 8.14.2. The libmilter state engine did not deal correctly with milters that requested the omission of protocol steps during the negotiation callback.
Release Notes: This version fixes some problems, mostly related to IPv6. Unfortunately the Build script of 8.14.8 contains a regression, causing it to work improperly on some operating systems. A patch is available.
Release Notes: This version fixes the handling of NUL characters ('\0') in mail bodies by the MIME conversion functions, which are used even if no explicit conversion is happening, e.g., if MaxMimeHeaderLength is not zero, as well as some other problems.
Release Notes: This release fixed a problem where if a server offered two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Hostnames are no longer cached internally in a non-case sensitive way, as that may cause addresses to change from lower case to upper case or vice versa. An issue where it was possible that new queue runners could not be started if MaxQueueChildren was set was fixed. A 8.14.6.milter.EHLOmacros patch is also available.
Release Notes: SMTP extensions are no longer cached across connections, as the cache is based on hostname, which may not be a unique identifier for a server, i.e. different machines may have the same hostname but provide different SMTP extensions. Out-of-bounds access is avoided in case a resolver reply for a DNS map lookup returns a size larger than 1K. The interrupt signal handler has been cleaned up to avoid invoking functions that are not signal-safe. At most, two AUTH lines are read from a server to avoid a memory exhaustion DoS attack against the client.
Release Notes: This version fixed a problem where some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. A workaround for a Linux resolver problem has been added to avoid core dumps. A bug where the value of headers, e.g., Precedence, Content-Type, et.al., was not extracted correctly thus preventing them from being recognized properly was fixed. An erroneous reduction of the length limitation on a return path was fixed.