From: Phil Pennock Date: Sat, 11 Jan 2020 23:51:28 +0000 (-0500) Subject: Warn updating folks to use $local_part_verified X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/ebcf27afb54c7dc93a3a4a76487a597ec153e9b5?hp=9e21ce8fc41aea068996e0a22093dfae33f542c7 Warn updating folks to use $local_part_verified This tainting change to appendfile seems likely to cause pain, breaking previously working configurations. Note it in README.UPDATING. --- diff --git a/src/README.UPDATING b/src/README.UPDATING index db754da40..94a1420eb 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -25,6 +25,18 @@ there have been two big upheavals... The rest of this document contains information about changes in 4.xx releases that might affect a running system. + +Exim version 4.94 +----------------- + +Some Transports now refuse to use tainted data in constructing their delivery +location; this WILL BREAK configurations which are not updated accordingly. + +In particular: any Transport use of $local_user which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_user with $local_part_verified. + + Exim version 4.93 -----------------