[An on-line version of this announcement will be available at

This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.

Fixed in all supported releases:

  * Security: Berkeley DB versions 2 and later try to read settings
    from a file DB_CONFIG in the current directory. This undocumented
    feature may introduce undisclosed vulnerabilities resulting in
    privilege escalation with Postfix set-gid programs (postdrop,
    postqueue) before they chdir to the Postfix queue directory,
    and with the postmap and postalias commands depending on whether
    the user's current directory is writable by other users. This
    fix does not change Postfix behavior for Berkeley DB versions
    < 3, but it does reduce postmap and postalias 'create' performance
    with Berkeley DB versions 3.0 .. 4.6.

Fixed in Postfix 3.2 and later:

  * The SMTP server receive_override_options were not restored at
    the end of an SMTP session, after the options were modified by
    an smtpd_milter_maps setting of "DISABLE". Milter support
    remained disabled for the life time of the smtpd process.

  * After the Postfix 3.2 address/domain table lookup overhaul, the
    check_sender_access and check_recipient_access features ignored
    a non-default parent_domain_matches_subdomains setting.

Fixed in Postfix 3.1 and later:

  * Compatibility: some Milter applications do not recognize
    single-character macro names when Postfix sends these as {name}.
    Postfix now sends such macros without {} as it has done

Fixed in Postfix 3.0 and later:

  * Compatibility: prevent MIME downgrade of Postfix-generated
    message/delivery status. It's supposed to be 7bit, therefore
    quoted-printable encoding is not expected, and can result in
    users seeing garbled non-delivery reports.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.


Reply via email to