| Commit | Line | Data |
|---|---|---|
| 79d4bc3d PP | 1 | Preamble |
| | 2 | ======== |
| | 3 | |
| | 4 | Normally The Exim Maintainers ensure that a configuration which works |
| | 5 | with version N will work with version N+1, within a major version number |
| | 6 | (e.g., 4). |
| | 7 | |
| | 8 | Occasionally this will not be the case; usually, those changes will be |
| | 9 | at the end of a long notice period where admins have been encouraged to |
| | 10 | move away and even then, we are hesitant to fully break things without |
| | 11 | strong cause to move away. |
| | 12 | |
| | 13 | This does not apply to "experimental" features, which can be withdrawn |
| | 14 | or changed with little notice, although we still endeavour to limit |
| | 15 | that. We may choose to note those changes here too. |
| | 16 | |
| | 17 | The most likely cause of a backwards-incompatible change is a security |
| | 18 | improvement, where the benefits for everyone strongly outweigh the needs |
| | 19 | of the few. |
| | 20 | |
| | 21 | |
| | 22 | Changes |
| | 23 | ======= |
| | 24 | |
| | 25 | Exim version 4.73 |
| | 26 | ----------------- |
| | 27 | |
| | 28 | * The Exim run-time user can no longer be root; this was always |
| | 29 | strongly discouraged, but is now prohibited both at build and |
| | 30 | run-time. If you need Exim to run routinely as root, you'll need to |
| | 31 | patch the source and accept the risk. Here be dragons. |
| | 32 | |
| | 33 | * Exim will no longer accept a configuration file owned by the Exim |
| | 34 | run-time user, unless that account is explicitly the value in |
| | 35 | CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that |
| | 36 | files are not writable by other accounts. |
| | 37 | |
| 2cfd3221 PP | 38 | * The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced |
| | 39 | on; the Exim user can, by default, no longer use -C/-D and retain privilege. |
| | 40 | Two new build options mitigate this. |
| | 41 | |
| 90b6341f | 42 | * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config |
| 7f7f0545 DW | 43 | files that are trusted to be selected by the Exim user; one per line. |
| | 44 | This is the recommended approach going forward. |
| 2cfd3221 PP | 45 | |
| | 46 | * WHITELIST_D_MACROS defines a colon-separated list of macro names which |
| | 47 | the Exim run-time user may safely pass without dropping privileges. |
| | 48 | Because changes to this involve a recompile, this is not the recommended |
| | 49 | approach but may ease transition. The values of the macros, when |
| | 50 | overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ |
| 79d4bc3d PP | 51 | |
| | 52 | * The system_filter_user option now defaults to the Exim run-time user, |
| | 53 | rather than root. You can still set it explicitly to root and this |
| | 54 | can be done with prior versions too, letting you roll versions |
| | 55 | without needing to change this configuration option. |
| | 56 | |
| 2cfd3221 PP | 57 | * ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is |
| | 58 | defined at build time. |
| | 59 | |
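
An added example, not part of the Exim source or of this file: a Python pre-flight check that models the two allowances described under Exim version 4.73, a TRUSTED_CONFIG_LIST file with one config path per line and a colon-separated WHITELIST_D_MACROS with the value regex quoted there. The function names, sample paths and macro names are assumptions made for illustration, and matching by exact string comparison is a simplification.

```python
import re

# Value constraint quoted in the notes above. fullmatch() replaces the ^...$
# anchors because Python's "$" would also accept a trailing newline.
MACRO_VALUE_RE = re.compile(r"[A-Za-z0-9_/.-]*")

def parse_macro_whitelist(build_value):
    """Split a colon-separated WHITELIST_D_MACROS value into macro names."""
    return {n.strip() for n in build_value.split(":") if n.strip()}

def parse_trusted_configs(file_text):
    """Read TRUSTED_CONFIG_LIST-style content: one config path per line."""
    return {ln.strip() for ln in file_text.splitlines() if ln.strip()}

def audit_invocation(config_path, d_args, macro_whitelist, trusted_configs):
    """Return the reasons a -C/-D invocation falls outside both allowances.

    Assumption: paths and macro names are compared as exact strings.
    """
    problems = []
    if config_path is not None and config_path not in trusted_configs:
        problems.append(f"-C {config_path!r}: not in trusted config list")
    for arg in d_args:
        name, _, value = arg.partition("=")
        if name not in macro_whitelist:
            problems.append(f"-D{name}: macro name not whitelisted")
        elif not MACRO_VALUE_RE.fullmatch(value):
            problems.append(f"-D{name}: value {value!r} has disallowed characters")
    return problems

if __name__ == "__main__":
    # Constructed sample data, not taken from any real build or host.
    whitelist = parse_macro_whitelist("SPOOL_DIR:LOG_TAG")
    trusted = parse_trusted_configs("/etc/exim/exim.conf\n/etc/exim/test.conf\n")
    for cfg, args in [
        ("/etc/exim/test.conf", ["SPOOL_DIR=/var/spool/exim-test"]),
        ("/tmp/other.conf", ["LOG_TAG=a b", "DEBUG=1"]),
    ]:
        print(cfg, args, "->", audit_invocation(cfg, args, whitelist, trusted) or "ok")
```

An empty result means the invocation stays within both lists; each string in a non-empty result names one argument that an operator should expect to cost the Exim user its privilege.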