More than 6 years since the last update
Among
- Added support for TLS 1.1, 1.2 and 1.3 (-sslproto {tls1.1+|tls1.2+|tls1.3+}). Build with OpenSSL is enabled by default (requires at least branch 1.0.2 for operation, and 1.3 for TLSv1.1.1). Support for SSLv2 has been dropped. By default, STLS/STARTTLS declares TLSv3 instead of SSLv1.0 and TLSv1.1. Reverting SSLv3 requires using OpenSSL with SSLv3 support left and running fetchmail with the "--sslproto ssl3+" flag.
- By default, the SSL certificate verification mode is enabled (-sslcertck). To disable the check, you now explicitly need to specify the "--nosslcertck" option;
- Dropped support for very old C compilers. Build now requires a compiler that supports the 2002 SUSv3 standard (Single Unix Specification v3, a subset of POSIX.1-2001 with XSI extensions);
- Improved efficiency of tracking UID ("-keep UID" mode) when distributing messages from a mailbox over POP3;
- Numerous improvements related to the support of encrypted connections have been made;
- Addressed a vulnerability that could lead to a buffer overflow in the GSSAPI authentication code when manipulating usernames that are longer than 6000 characters.
Supplement:
Source: opennet.ru