Ukukhutshwa kweqonga lokucoca ugaxekile kuyafumaneka - SpamAssassin 3.4.5. I-SpamAssassin iphumeza indlela edibeneyo yokugqiba ukuba ibhlokile: umyalezo uxhomekeke kwinani leetshekhi (uhlalutyo lomxholo, uluhlu lwe-DNSBL olumnyama nolumhlophe, abahluli abaqeqeshiweyo baseBayesi, ukukhangela utyikityo, ukuqinisekiswa komthumeli usebenzisa i-SPF kunye ne-DKIM, njl.). Emva kokuvavanya umyalezo usebenzisa iindlela ezahlukeneyo, i-coefficient ethile yobunzima iqokelelwe. Ukuba i-coefficient ibalwayo ingaphezulu komda othile, umyalezo uyavalwa okanye uphawulwe njengogaxekile. Izixhobo zokuhlaziya ngokuzenzekelayo imithetho yokucoca ziyaxhaswa. Iphakheji ingasetyenziswa kuzo zombini iinkqubo zeklayenti kunye neseva. Ikhowudi ye-SpamAssassin ibhalwe kwi-Perl kwaye isasazwe phantsi kwelayisensi ye-Apache.
Olu khuphelo lutsha lulungisa ubuthathaka (CVE-2020-1946) obunokuvumela umhlaseli ukuba enze imiyalelo yenkqubo kwi umncedisi xa kufakwa imithetho yokuthintela engaqinisekiswanga efunyenwe kwimithombo yomntu wesithathu.
Phakathi kweenguqu ezingahambelani nokhuseleko luphuculo lomsebenzi we-plugins ye-OLEVBCro kunye ne-AskDNS, ukuphuculwa kwenkqubo yokudibanisa idatha kwi-Received and EnvelopeFrom headers, ukulungiswa kwe-userpref SQL schema, ikhowudi ephuculweyo yokukhangela kwi-rbl kunye ne-hashbl, kunye ne isisombululo kwingxaki ngeethegi ze-TxRep.
Kuqatshelwe ukuba uphuhliso lwe-3.4.x series luyekiwe kwaye utshintsho alusayi kufakwa kweli sebe. Ukukhutshwa kwenzelwe kuphela iipatches zobuthathaka, xa kwenzeka ukukhululwa kwe-3.4.6 kuya kuveliswa. Wonke umsebenzi womphuhlisi ugxininise ekuphuhliseni isebe le-4.0, eliza kuphumeza i-full-fledged eyakhelwe ngaphakathi kwi-UTF-8 processing.
umthombo: opennet.ru
