felicity at apache
Feb 14, 2007, 2:33 PM
Post #1 of 1
Apache SpamAssassin 3.1.8 is now available! This is a maintenance and
ANNOUNCE: Apache SpamAssassin 3.1.8 available!
security release of the 3.1.x branch. It is highly recommended that
people upgrade to this version.
Downloads are available from:
The release file will also be available via CPAN in the near future.
md5sum of archive files:
sha1sum of archive files:
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release [at] spamassassin>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.8 is a major bug-fix release, including a potential DoS. The major
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
Randomly Selected Tagline:
"I have a simple test to determine if any windows executable that I
received via E-mail is a virus or not: If I received it, it's a virus."
- Charlie Watts on the SpamAssassin mailing list