[exim-cvs] Warn updating folks to use $local_part_verified

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Warn updating folks to use $local_part_verified
Gitweb: https://git.exim.org/exim.git/commitdiff/ebcf27afb54c7dc93a3a4a76487a597ec153e9b5
Commit:     ebcf27afb54c7dc93a3a4a76487a597ec153e9b5
Parent:     9e21ce8fc41aea068996e0a22093dfae33f542c7
Author:     Phil Pennock <pdp@???>
AuthorDate: Sat Jan 11 18:51:28 2020 -0500
Committer:  Phil Pennock <pdp@???>
CommitDate: Sat Jan 11 18:51:28 2020 -0500


    Warn updating folks to use $local_part_verified


    This tainting change to appendfile seems likely to cause pain, breaking
    previously working configurations.  Note it in README.UPDATING.
---
 src/README.UPDATING | 12 ++++++++++++
 1 file changed, 12 insertions(+)


diff --git a/src/README.UPDATING b/src/README.UPDATING
index db754da..94a1420 100644
--- a/src/README.UPDATING
+++ b/src/README.UPDATING
@@ -25,6 +25,18 @@ there have been two big upheavals...
The rest of this document contains information about changes in 4.xx releases
that might affect a running system.

+
+Exim version 4.94
+-----------------
+
+Some Transports now refuse to use tainted data in constructing their delivery
+location; this WILL BREAK configurations which are not updated accordingly.
+
+In particular: any Transport use of $local_user which has been relying upon
+check_local_user far away in the Router to make it safe, should be updated to
+replace $local_user with $local_part_verified.
+
+
Exim version 4.93
-----------------