All Versions
18
Latest Version
Avg Release Cycle
37 days
Latest Release
82 days ago

Changelog History
Page 1

  • v6.7.1.p1

    May 21, 2020
    • 🛠 fixes a packaging issue causing asr.h to be installed in target system
    • 🛠 fixes a possible crash in the MTA when establishing IPv6 connections
  • v6.7.0.p1

    May 13, 2020
  • v6.6.4.p1

    February 24, 2020

    🚀 SECURITY RELEASE

    An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

  • v6.6.3.p1

    February 10, 2020

    🚀 Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.

    🚀 This release back-ports them to the portable version of OpenSMTPD.

  • v6.6.2

    January 28, 2020
  • v6.6.2.p1

    January 28, 2020

    🛠 This is CRITICAL security bugfix for CVE-2020-7247

    Read more details in this blog post

  • v6.6.1

    November 05, 2019

    🚀 release synchronized to 6.6.1 bump in the OpenBSD tree.

  • v6.6.1.p1

    November 06, 2019

    🚀 Changes in this release (since 6.6.0p1)

    🛠 This is a bugfix release. No new features were added.

    • 🛠 Fixed crash on recipient expansion #968
    • 🛠 Fixed broken build with LibreSSL #944
    • 🛠 Fixed crash in arc4random caused by differences in OpenSSL vs LibreSSL compatibility layer plumbing #958
    • 🛠 Fixed issue where from any rules never matched by IPv6 sources #969
    • 🛠 Fixed crash that happened during mail relay on musl distros #929
    • 🛠 Fixed multiple compilation warnings
      #965 #966 #967 #978 #977 #975
  • v6.6.0

    October 13, 2019
  • v6.6.0.p1

    October 26, 2019

    Dependencies note:

    🚀 This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0.

    ✅ It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. In addition, the features parity is not respected, some features will not be available with OpenSSL, like ECDSA server-side 🚀 certificates support in this release. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

    🚀 Changes in this release (since 6.4.0):

    • 📚 various improvements to documentation and code
    • reverse dns session matching criteria added to smtpd.conf(5)
    • 👍 regex table lookup support added to smtpd.conf(5)
    • 👍 introduced support for ECDSA certificates with an ECDSA privsep engine
    • introduced builtin filters for basic filtering of incoming sessions
    • introduced option to deliver junk to a Junk folder in mail.maildir(8)
    • 🛠 fixed the smtp(1) client so it uses correct default port for SMTPS
    • 🛠 fixed an smtpd(8) crash on excessively large input
    • ensured mail rejected by an LMTP server stay queued

    Experimental features:

    • introduced a filters API to allow writing standalone filters for smtpd
    • 👍 introduced proxy-v2 support allowing smtpd to operate behind a proxy