Email Security Intelligence - Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs

On April 12, 2021, the Apache SpamAssassin Project announced the release of Apache SpamAssassin Version 3.4.6 mitigating two small but potentially annoying bugs introduced in Version 3.4.5, which was created to fix a few security vulnerabilities just a few weeks ago.

A Quick Introduction to Apache SpamAssassin

Apache SpamAssassin is a mature, widely-deployed open-source project that serves as a mail filter to identify spam. SpamAssassin leverages a combination of mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin’s flexible modular architecture makes the framework compatible with a wide array of other technologies

Apache SpamAssassin typically runs on a server, classifying and labeling spam before it reaches your mailbox, while allowing other components of a mail system to act on its results.

Portability, robustness and facilitated maintenance are among the key benefits that Apache SpamAssassin offers.

What’s New in Apache SpamAssassin Version 3.4.6?

While the release of Apache SpamAssassin doesn’t include any groundbreaking new features, configuration options or Internal changes, it does feature mitigations for two minor - but potentially aggravating - bugs introduced in Version 3.4.5. Sidney Markowitz, Apache SpamAssassin PMC Chair, stated in a recent announcement email:


Apache SpamAssassin 3.4.6 fixes two small but potentially annoying bugs in 3.4.5

*** On March 1, 2020, we stopped publishing rulesets with SHA-1 signatures.

If you do not update to 3.4.2 or later, you will be stuck at the last

ruleset with SHA-1 signatures. Such an upgrade should be to 3.4.6 to

obtain the contained security fixes ***


*** Ongoing development on the 3.4 branch has ceased. All future releases

and bug fixes will be on the 4.0 series, unless a new security issue

is found that necessitates a 3.4.7 release. ***


Many thanks to the committers, contributors, rule testers, mass checkers,

and code testers who have made this release possible. 


Notable changes


This release includes fixes for the following:

  - Fixed URIDNSBL not triggering meta rules

  - Fix false positive in T_KAM_HTML_FONT_INVALID on CSS color !important 


Downloading and availability


Downloads are available from:

The Bottom Line

The release of Apache SpamAssassin Version 3.4.6 is fairly mundane when it comes to features, improvements and optimizations. That being said, the release does introduce fixes for two small but potentially annoying security bugs introduced in Version 3.4.5. Upgrading is quick, easy and free and stands to make your SpamAssassin user experience more pleasant and hassle-free. All in all, it seems like the logical decision to make the switch to Apache SpamAssassin Version 3.4.6.

Must Read Blog Posts

Latest Blog Articles