[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.7.5.html]
This will be the last update for Postfix version 3.4.
Fixed with Postfix 3.7.5, 3.6.9, 3.5.19:
Bugfix (problem introduced in Postfix 3.5): check_ccert_access did not handle inline map specifications. Report and fix by Sean Gallagher.
Fixed with Postfix 3.7.5, 3.6.9, 3.5.19, 3.4.29:
Bugfix (problem introduced in Postfix 3.4): the posttls-finger command failed to detect that a connection was resumed in the case that a server did not return a certificate. Fix by Viktor Dukhovni.
Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return lazily-bound handles. Postfix now checks that the expected functionality will be available instead of failing later. Fix by Viktor Dukhovni.
Safety: the long form "{ name = value }" in import_environment or export_environment is not documented (with spaces around the '='), but it was silently accepted, and it was stored in the process environment as the invalid form "name = value", thus not setting or overriding an entry for "name". This form is now stored as the expected "name=value". Found during code maintenance.
Bugfix (problem introduced in Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.