All releases of fetchmail
Release Notes: This release fixes a few minor bugs, improves OpenSSL error reporting, and adds an Esperanto translation.
Release Notes: Compilation with OpenSSL implementations before 0.9.8m lacking SSL_CTX_clear_options() works again, but is neither supported nor recommended. The combination of "--plugin" and "-f -" was fixed. Logfile vs. syslog handling was cleaned up. Other minor changes were made.
Release Notes: A security issue where a misinterpreted server response could allow DoS and data theft in NTLM authentication was fixed. This issue was reported as CVE-2012-3482. The false disabling of a countermeasure against plaintext attacks in block ciphers was fixed. Various other minor fixes were made.
Release Notes: A NUL byte insertion bug in the IMAP client, which occurred when the last line of the input had no LF and no CRLF termination, was fixed.
Release Notes: This release fixes a STARTTLS denial of service vulnerability (CVE-2011-1947). It reduces repetitions in "unseen" message logging and speeds up IMAP fetches with full mailboxes quite a bit. Fetchmail now sets its Internet sockets to keepalive mode, to detect disconnections, and resolves MD5-related build problems.
Release Notes: Several multidrop fixes were made. "--antispam" now works from the command line. A workaround for documentation builds with broken XHTML 1.1 DTD installations was put in place. STARTTLS handling was improved. IMAP now understands empty strings as FETCH response.
Release Notes: Security improvements were made to wildcard handling of X.509 certificates. False warnings of insecure SSL/TLS connections were eliminated. Timeouts are now applied to the STARTTLS/STLS authentication stage. GSSAPI authentication is now properly cancelled on GSS errors. Logging behavior for connection attempts was improved. Accidental use of libmd5 was removed. Other minor improvements and fixes were made. Translations were updated.
Release Notes: This release fixes a long-standing (since 4.X or 5.X) DoS vulnerability in verbose mode in multi-byte locales. It also fixes a regression in the rcfile parser (since 6.3.0) that misparsed some rc files. It adds a new --sslcertfile option for bundle CA cert files. Many compiler warnings were fixed, and SSL/TLS usability was improved. fetchmailconf no longer loses the "invisible" setting. Translations have been updated.
Release Notes: This release improves SSL compatibility with sites whose certificates do not use one of the mandatory ciphers (f. i. SHA256), and fixes an --interface regression introduced in 6.3.15.
Release Notes: This release adds "--bad-header=accept" to download messages that used to trigger "incorrect header line found". "local" now works as an abbreviation for "localdomains", as documented. --nosoftbounce and --nobounce now work from the command line. h_errno is now properly imported from the OS, fixing Cygwin warnings. "make check" now skips validating documents if required tools/data are missing. The documentation on user ID switching for --mda was clarified in the man page. Translations have been updated. The source code repository was converted to Git and is now hosted at Gitorious.
