Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs
- by Brittany Day
On April 12, 2021, the Apache SpamAssassin Project announced the release of Apache SpamAssassin Version 3.4.6 mitigating two small but potentially annoying bugs introduced in Version 3.4.5, which was created to fix a few security vulnerabilities just a few weeks ago.
A Quick Introduction to Apache SpamAssassin
Apache SpamAssassin is a mature, widely-deployed open-source project that serves as a mail filter to identify spam. SpamAssassin leverages a combination of mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin’s flexible modular architecture makes the framework compatible with a wide array of other technologies
Apache SpamAssassin typically runs on a server, classifying and labeling spam before it reaches your mailbox, while allowing other components of a mail system to act on its results.
Portability, robustness and facilitated maintenance are among the key benefits that Apache SpamAssassin offers.
What’s New in Apache SpamAssassin Version 3.4.6?
While the release of Apache SpamAssassin doesn’t include any groundbreaking new features, configuration options or Internal changes, it does feature mitigations for two minor - but potentially aggravating - bugs introduced in Version 3.4.5. Sidney Markowitz, Apache SpamAssassin PMC Chair, stated in a recent announcement email:
Apache SpamAssassin 3.4.6 fixes two small but potentially annoying bugs in 3.4.5
*** On March 1, 2020, we stopped publishing rulesets with SHA-1 signatures.
If you do not update to 3.4.2 or later, you will be stuck at the last
ruleset with SHA-1 signatures. Such an upgrade should be to 3.4.6 to
obtain the contained security fixes ***
*** Ongoing development on the 3.4 branch has ceased. All future releases
and bug fixes will be on the 4.0 series, unless a new security issue
is found that necessitates a 3.4.7 release. ***
Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.
This release includes fixes for the following:
- Fixed URIDNSBL not triggering meta rules
- Fix false positive in T_KAM_HTML_FONT_INVALID on CSS color !important
Downloading and availability
Downloads are available from:
The Bottom Line
The release of Apache SpamAssassin Version 3.4.6 is fairly mundane when it comes to features, improvements and optimizations. That being said, the release does introduce fixes for two small but potentially annoying security bugs introduced in Version 3.4.5. Upgrading is quick, easy and free and stands to make your SpamAssassin user experience more pleasant and hassle-free. All in all, it seems like the logical decision to make the switch to Apache SpamAssassin Version 3.4.6.
Must Read Blog Posts
- Complete Guide to Email Viruses & Best Practices to Avoid Infections
- Microsoft 365 Email Security Limitations You Should Know
- Shortcomings of Endpoint Security in Securing Business Email
- What You Need to Know to Shield Your Business from Ransomware
- Demystifying Phishing Attacks: How to Protect Yourself Now
Latest Blog Articles
- How a Recession Will Change the Cybersecurity Landscape
- The Impact of Artificial and Human Intelligence on Email Security
- Ransomware Attacks on Schools Average 3 Weeks Downtime, 9 Months to Recover
- PCI DSS Compliance for Cloud Services - Everything You Should Know
- Email Security Best Practices to Safeguard Your Business in 2023
- Shadow IT and the Future of Cybersecurity
- Guardian Digital Perspective on Gartner’s Top Cyber Predictions for 2023
- Ransomware Gangs: Lapsus$
- What Is Deepfake Phishing?
- Is Your Organization Vulnerable to Account Takeover?