Release Notes: Compilation with OpenSSL implementations before 0.9.8m lacking SSL_CTX_clear_options() works again, but is neither supported nor recommended. The combination of "--plugin" and "-f -" was fixed. Logfile vs. syslog handling was cleaned up. Other minor changes were made.
Release Notes: A security issue where a misinterpreted server response could allow DoS and data theft in NTLM authentication was fixed. This issue was reported as CVE-2012-3482. The false disabling of a countermeasure against plaintext attacks in block ciphers was fixed. Various other minor fixes were made.
Release Notes: Several multidrop fixes were made. "--antispam" now works from the command line. A workaround for documentation builds with broken XHTML 1.1 DTD installations was put in place. STARTTLS handling was improved. IMAP now understands empty strings as FETCH response.
Release Notes: Security improvements were made to wildcard handling of X.509 certificates. False warnings of insecure SSL/TLS connections were eliminated. Timeouts are now applied to the STARTTLS/STLS authentication stage. GSSAPI authentication is now properly cancelled on GSS errors. Logging behavior for connection attempts was improved. Accidental use of libmd5 was removed. Other minor improvements and fixes were made. Translations were updated.
Release Notes: This release fixes a long-standing (since 4.X or 5.X) DoS vulnerability in verbose mode in multi-byte locales. It also fixes a regression in the rcfile parser (since 6.3.0) that misparsed some rc files. It adds a new --sslcertfile option for bundle CA cert files. Many compiler warnings were fixed, and SSL/TLS usability was improved. fetchmailconf no longer loses the "invisible" setting. Translations have been updated.
Release Notes: This release adds "--bad-header=accept" to download messages that used to trigger "incorrect header line found". "local" now works as an abbreviation for "localdomains", as documented. --nosoftbounce and --nobounce now work from the command line. h_errno is now properly imported from the OS, fixing Cygwin warnings. "make check" now skips validating documents if required tools/data are missing. The documentation on user ID switching for --mda was clarified in the man page. Translations have been updated. The source code repository was converted to Git and is now hosted at Gitorious.
Release Notes: A malloc() buffer overrun was resolved, so that SSL/TLS certificate information is now always reported properly. The IMAP client no longer skips messages if fetchmail's "idle" is in use. The SMTP client now recovers from errors when sending an RSET command. Several other IMAP improvements were made. A FreeBSD build warning was resolved. Documentation was improved.
Release Notes: A regression causing messages to be left on the server even if softbounce was turned off was fixed. Translations were updated.
Release Notes: Permanently undelivered messages are no longer dropped by default. The new "softbounce" global option controls this behavior. Progress tickers were made consistent. Non-delivery notices ("bounce mails") now mention the original reason again. The minimum recommended SMTP (RFC-5321) timeouts are enforced to leave sufficient time for the listener to respond. The comparison of SSL fingerprints is now case-insensitive. Attempts were made to be operational with Yahoo's Zimbra servers. Many other minor modifications and bugfixes were made.
Release Notes: The fixes for the password leak in 6.3.6 unfortunately entailed two regressions: KPOP became non-functional, and a POP3+TLS connection loss would not lead to a retry without TLS if TLS was optional for the connection. These bugs have been fixed.