On 2025-07-11 15:36:39, Damian wrote: > Hello amavis users, > > we have a new amavis 2.14.0 release. See [1] for details. > > [1] https://gitlab.com/amavis/amavis/-/blob/v2.14.0/RELEASE_NOTES
Thanks for this. To clarify, the fix for CVE-2024-28054 requires a configuation change, right? The README suggests that it was added to the default configuation, but (splitting hairs) it looks like it was only added to the default amavisd.conf, and not to the baked-in defaults. If you've written your own amavisd.conf, I think you need to add the new defang_by_ccat line?
