From ebcf27afb54c7dc93a3a4a76487a597ec153e9b5 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Sat, 11 Jan 2020 18:51:28 -0500 Subject: [PATCH 1/1] Warn updating folks to use $local_part_verified This tainting change to appendfile seems likely to cause pain, breaking previously working configurations. Note it in README.UPDATING. --- src/README.UPDATING | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/README.UPDATING b/src/README.UPDATING index db754da40..94a1420eb 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -25,6 +25,18 @@ there have been two big upheavals... The rest of this document contains information about changes in 4.xx releases that might affect a running system. + +Exim version 4.94 +----------------- + +Some Transports now refuse to use tainted data in constructing their delivery +location; this WILL BREAK configurations which are not updated accordingly. + +In particular: any Transport use of $local_user which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_user with $local_part_verified. + + Exim version 4.93 ----------------- -- 2.30.2