The #1 Enterprise Open-Source Spam Filter |
||||||||||
|
2024-03-29: Apache SpamAssassin 4.0.1 has been released! This is a patch release that fixes issues that have surfaced since the release of 4.0.0. It provides compatability with the latest version of Perl, 5.38, which was released in July, 2023, as well as with recent release versions of some required Perl modules.
2022-12-17: Apache SpamAssassin 4.0.0 has been released! This is a major upgrade to SpamAssassin with full Unicode support and many other new features.
2021-04-12: Apache SpamAssassin 3.4.6 has been released! Apache SpamAssassin 3.4.6 fixes two bugs that were introduced by the 3.4.5 release that could prevent certain rules from properly firing.
*** There will be no more development or bug fixes in the 3.4 branch unless a new security issue requires a 3.4.7 release. All future releases and bug fixes will be in the 4.0 series. ***
2021-03-24: Apache SpamAssassin 3.4.5 has been released! Apache SpamAssassin 3.4.5 is primarily a security release. In this release, there are bug fixes for one CVE:
*** On March 1, 2020, we stopped publishing rulesets with SHA-1 checksums. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 checksums. ***
- CVE-2020-1946 for Malicious rule configuration (.cf) files can be configured to run system commands.
2020-01-28: Apache SpamAssassin 3.4.4 has been released! Apache SpamAssassin 3.4.4 is primarily a security release. In this release, there are bug fixes for two CVEs:
- CVE-2020-1931 for Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.
- CVE-2020-1930 for Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile.
2019-12-11: Apache SpamAssassin 3.4.3 has been released! Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare to move to version 4.0.0 with better, native UTF-8 handling. There are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.3. In this release, there is also one new plugin and there are bug fixes for two CVEs:
*** On March 1, 2020, we will stop publishing rulesets with SHA-1 checksums. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 checksums. ***
- CVE-2019-12420 for Multipart Denial of Service Vulnerability
- CVE-2018-11805 for nefarious CF files can be configured to run system commands without any output or errors.
2019-09-05:Happy Birthday! Apache SpamAssassin turned 18.
2018-09-16: Apache SpamAssassin 3.4.2 has been released! This release contains numerous tweaks and bug fixes over the past three and 1/2 years including:
- sa-update now uses SHA-256 & SHA-512 hashing to verify rule updates;
- 4 new plugins; and
- Four CVE security bug fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781.
2015-04-30: Apache SpamAssassin 3.4.1 has been released! Highlights include: improved automation to help combat spammers that are abusing new top level domains; tweaks to the SPF support to block more spoofed emails; increased character set normalization to make rules easier to develop and stop spammers from using alternate character sets to bypass tests; continued refinement to the native IPv6 support; and improved Bayesian classification with better debugging and attachment hashing.
2014-02-11: Apache SpamAssassin 3.4.0 has been released adding native support for IPv6, improved DNS Blocklist technology and support for massively-scalable Bayesian filtering using the Redis backend.
2011-06-16: Apache SpamAssassin 3.3.2 has been released, a minor new release primarily to support perl-5.12 and later.
2010-03-19: Apache SpamAssassin 3.3.1 has been released, a minor new release which adds some new rules.
2010-01-27: Apache SpamAssassin 3.3.0 has been released, a major new release!
2010-01-01: Y2K10 Rule Bug - Update Your Rules Now!
Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later. The rule will add a score of up to 3.6 towards the spam classification of all email. You should take corrective action immediately; there are two easy ways to correct the problem:
- If your system is configured to use sa-update run sa-update now. An update is available that will correct the rule. No further action is necessary (other than restarting spamd or any service that uses SpamAssassin directly).
- Add "score FH_DATE_PAST_20XX 0" without the quotes to the end of your local.cf file to disable the rule.
If you require help updating your rules to correct this issue you are encouraged to ask for assistance on the Apache SpamAssassin Users' list. Users' mailing list info is here.
On behalf of the Apache SpamAssassin project I apologize for this error and the grief it may have caused you.
Regards,
Daryl C. W. O'Shea
VP, Apache SpamAssassin
2008-06-12: Apache SpamAssassin 3.2.5 has been released, a minor bug-fix release.
2008-01-05: Apache SpamAssassin 3.2.4 has been released.
2007-09-12: Apache SpamAssassin has won an InfoWorld "Best Of Open Source Software" BOSSIE Award, as the winner in the anti-spam category for 2007!
2007-08-09: Apache SpamAssassin 3.2.3 released!
2007-07-25: Apache SpamAssassin 3.2.2 released!
2007-06-11: Apache SpamAssassin 3.2.1 and 3.1.9 released! These releases contain a fix for a local user symlink-attack denial of service vulnerability for an uncommon spamd configuration, along with other fixes.
2007-05-02: Apache SpamAssassin 3.2.0 released! This release contains a significant number of changes and major enhancements -- please use it!
2007-02-14: Apache SpamAssassin 3.1.8 released! This release fixes security bug CVE-2007-0451, so is recommended.
2006-11-21: Apache SpamAssassin wins 'Best Linux-based Anti-spam Solution' at the Linux New Media Awards 2006, winning 69% of the vote.
2006-10-10: Apache SpamAssassin 3.1.7 released!
(The release announcement)2006-10-05: Apache SpamAssassin 3.1.6 released!
2006-08-30: Apache SpamAssassin 3.1.5 released!
2006-07-26: Apache SpamAssassin 3.1.4 released!
2006-06-06: Apache SpamAssassin 3.1.3 released! This is an important security release to fix CVE 2006-2447; read the advisory to see if you need to upgrade.
2006-06-05: Apache SpamAssassin 3.0.6 released! This is an important security release to fix CVE 2006-2447; read the advisory to see if you need to upgrade.
2006-05-25: Apache SpamAssassin 3.1.2 released!
(The release announcement)2006-03-11: Apache SpamAssassin 3.1.1 released!
(The release announcement)2006-02-21: Receiving three times as many votes as the closest contender, Apache SpamAssassin took top honors in the Anti-Spam category of Datamation's Product of the Year 2006.
2005-09-14: Apache SpamAssassin 3.1.0 released!
(The release announcement)2005-02-09: Receiving twice as many votes as the closest contender, Apache SpamAssassin took top honors in the Anti-Spam category of Datamation's Product of the Year 2005.
News about Apache SpamAssassin, and new releases, can be received by mail by subscribing to the "announce" mailing list. There is also an Atom feed.
|
|
Copyright © 2003-2024 The Apache Software Foundation. All rights reserved. Apache, Apache SpamAssassin, and the Apache SpamAssassin logo are registered trademarks or trademarks of The Apache Software Foundation in the U.S. and/or other countries. |