[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.5.2.html]
Postfix versions 3.5.2, 3.4.12, 3.3.10, 3.2.15:
A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This bug was introduced with Postfix 2.2.
The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8.
The Postfix build now disables DANE support on Linux systems with libc-musl such as Alpine, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation.
Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call.
Minor code changes to silence a compiler that special-cases string literals.
Postfix 3.5.2, 3.4.12:
Segfault (null pointer) in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS.
The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m). Reported by Larry Stone.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.