To my knowledge, there are no security issues in version 4.3.1. I've since fixed several bugs that can cause crashes, but nothing I can imagine could be a security risk.
There have been recent bugs in OpenSSL and glibc; those libraries should definitely be upgraded anyway. spamdyke loads the libraries dynamically, which means they aren't included in the spamdyke binary, so just upgrading them should be enough -- the next time spamdyke starts (when the next remote server connects) it'll load the new version(s). If it's any consolation, spamdyke isn't vulnerable to the recent glibc "GHOST" bug -- the last version to use the vulnerable gethostbyname() function was 3.0.1, back in 2007. -- Sam Clippinger On Feb 2, 2015, at 3:40 PM, Faris Raouf via spamdyke-users <spamdyke-users@spamdyke.org> wrote: > Dear all, > > Forgive me for asking this question – I’m not a coder. > > I’ve noticed that a few systems I look after use Spamdyke 4.3.1, compiled > back in 2012 or 2013. > > Are there any security issues with this version? > > Would any of the various vulnerabilities found in certain ancillary linux > packages over the past few years have any impact (i.e. I’m wondering if I > should recompile). > > > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
