From msk at trusteddomain.org  Thu Apr 29 13:22:04 2021
From: msk at trusteddomain.org (Murray S. Kucherawy)
Date: Thu, 29 Apr 2021 13:22:04 -0700 (PDT)
Subject: [opendmarc-announce] OpenDMARC v1.4.1 released
Message-ID: <202104292022.13TKM4kZ091148@medusa.blackops.org>

The Trusted Domain Project is pleased to announce the availability of
OpenDMARC v1.4.1 now available for download from GitHub.

This is mainly an extensive bug fix release.  Upgrade is recommended.

This release was almost entirely driven by contributions from the user
community.  We thank those contributors for their ongoing support.

The full RELEASE_NOTES for this version, showing changes since the last
release:

1.4.1		2021/04/29
	NOTE: In response to CVE-2019-20790, opendmarc has changed
		how it evaluates headers added by previous
		SPF milters.  Users are encouraged to read the
		CVE-2019-20790 file in the "SECURITY" folder
		for more details. (#49, #158).  Originally reported by
		Jianjun Chen, feedback by Simon Wilson and
		David B??rgin <dbuergin at gluet.ch>.
	NOTE: OpenDMARC's internal SPF handling will be removed
		in a future version.  Users are encouraged to
		build linked against libspf2.  Many pre-built 
		packages provided by OS packagers already do this.
		(See https://www.libspf2.org)
	Addition of defines for MUSL C Library. (#129/#133).  Patches by
		Marco Rebhan.
	Updated opendmarc.conf manpage and opendmarc.conf.sample to point to 
		https://publicsuffix.org/list/.
	Added a CONTRIBUTING document.
	Fix two #ifdefs in arc functions for strlcpy. (#138).  Reported by
		Leo Bicknell.
	Fixes to MySQL Schema (#98/#99).  Patch by Bond Keevil.
	LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not 
		having the ns_type definition in arpa/resolv.h.
		Added detection to configure script.  (#134)
	Reworked hcreate_r calls to use hcreate, to compile natively on
		OpenBSD and MacOS. (Part of #94)  Reported by Rupert
		Gallagher.
	Add compatibility with AutoConf 2.70. (#95)  
	Documentation updates about SourceForge being deprecated.  (#101)
	Only accept results from Received-SPF fields that indicate clearly
		which identifier was being evaluated, since DMARC specifically
		only wants results based on MAIL FROM.
        Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81)
		Patches provided by Rupert Gallagher (ruga at protonmail.com)
	Added config option HoldQuarantinedMessages (default false), which
		controls if messages with p=quarantine will be passed on to 
		the mail stream (if False) or placed in the MTA's "hold" 
		queue (if True).  Issue #105.  Patch by Marcos Moraes, on
		the OpenDMARC mailing list.
	Remove "--with-wall" from "configure".  Suggested by Leo Bicknell.
	LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT.
		Problem reported by Jan Bouwhuis.
	LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code.
	LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code.
	LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through
		htonl() since it's already in network byte order.  This
		was causing SPF errors when the internal SPF
		implementation was in use.
	LIBOPENDMARC: Fix numerous problems with the internal SPF
		implementation.

Please use the trackers on GitHub at:

https://github.com/trusteddomainproject/OpenDMARC/issues

to file problem reports, or the mailing lists for more general discussion
and questions.

Older versions of this project used SourceForge and/or Freshmeat, which are
officially deprecated.  If you had submitted an issue there, please see if
it is still relevant and consider re-filing it as a GitHub issue.


The Trusted Domain Project