Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs
- by Brittany Day

On April 12, 2021, the Apache SpamAssassin Project announced the release of Apache SpamAssassin Version 3.4.6 mitigating two small but potentially annoying bugs introduced in Version 3.4.5, which was created to fix a few security vulnerabilities just a few weeks ago.
A Quick Introduction to Apache SpamAssassin
Apache SpamAssassin is a mature, widely-deployed open-source project that serves as a mail filter to identify spam. SpamAssassin leverages a combination of mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin’s flexible modular architecture makes the framework compatible with a wide array of other technologies
Apache SpamAssassin typically runs on a server, classifying and labeling spam before it reaches your mailbox, while allowing other components of a mail system to act on its results.
Portability, robustness and facilitated maintenance are among the key benefits that Apache SpamAssassin offers.
What’s New in Apache SpamAssassin Version 3.4.6?
While the release of Apache SpamAssassin doesn’t include any groundbreaking new features, configuration options or Internal changes, it does feature mitigations for two minor - but potentially aggravating - bugs introduced in Version 3.4.5. Sidney Markowitz, Apache SpamAssassin PMC Chair, stated in a recent announcement email:
Apache SpamAssassin 3.4.6 fixes two small but potentially annoying bugs in 3.4.5
*** On March 1, 2020, we stopped publishing rulesets with SHA-1 signatures.
If you do not update to 3.4.2 or later, you will be stuck at the last
ruleset with SHA-1 signatures. Such an upgrade should be to 3.4.6 to
obtain the contained security fixes ***
*** Ongoing development on the 3.4 branch has ceased. All future releases
and bug fixes will be on the 4.0 series, unless a new security issue
is found that necessitates a 3.4.7 release. ***
Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.
Notable changes
---------------
This release includes fixes for the following:
- Fixed URIDNSBL not triggering meta rules
- Fix false positive in T_KAM_HTML_FONT_INVALID on CSS color !important
Downloading and availability
----------------------------
Downloads are available from:
https://spamassassin.apache.org/downloads.cgi
The Bottom Line
The release of Apache SpamAssassin Version 3.4.6 is fairly mundane when it comes to features, improvements and optimizations. That being said, the release does introduce fixes for two small but potentially annoying security bugs introduced in Version 3.4.5. Upgrading is quick, easy and free and stands to make your SpamAssassin user experience more pleasant and hassle-free. All in all, it seems like the logical decision to make the switch to Apache SpamAssassin Version 3.4.6.
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know in 2023
- Complete Guide to Email Viruses & Best Practices to Avoid Infections in 2023
- How Phishing Emails Bypass Microsoft 365 Default Security
Latest Blog Articles
- What To Prioritize In Ransomware Protection
- Cybersecurity Mistakes That Could Cost You Your Job
- Top Microsoft 365 Security Concerns & How To Overcome Them
- Why Cybercrime Continues to Thrive, And What You Can Do About It
- Top Malware Strains and How to Mitigate Them
- What is the Difference Between SIEM and SOAR?
- SPF, DKIM & DMARC: What Are They & How Do They Secure Email Against Sender Fraud?
- Assessing the ROI of Your Email Security Solution
- What is a Brute-Force Attack?
- How Guardian Digital Stops Impersonation Attacks