[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-2.11.1.html]
Postfix stable release 2.11.1 is available. This release provides two bugfixes that affect Postfix 2.11 and later, and some code/documentation cleanup.
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
With connection caching enabled (the default), recipients could be given to the wrong mail server. The root cause was an incorrect predicate. Due to this, the Postfix SMTP client could save and restore plaintext connections that should not be cached, under nonsensical lookup keys that did not distinguish by destination. Problem reported by Sahil Tandon.
Enforce TLS when TLSA records exist, but all are unusable.
Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
Prepend "-I. -I../../include" to the compiler command-line options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
Corrected postconf(1) manpage for missing version attribution and incorrect "author" formatting.
The documentation for Postfix > 2.8 TLS activity logging was incorrect. Loglevel 0 produces no logging. Instead, information is logged only with loglevel 1 or higher.
Logging cleanup:
The TLS client logged that an "Untrusted" TLS connection was established instead of "Anonymous".
For consistency, TLS policy lookup errors are now logged as warnings.
You can find the Postfix source code at the mirrors listed at http://www.postfix.org/.