[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.2.html]
This announcement (June 13, 2017) includes changes that were released with an earlier update (June 10, 2017). The announcement was postponed to avoid confusion due to repeated notification.
Fixed in all supported releases:
Security: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users. This fix does not change Postfix behavior for Berkeley DB versions < 3, but it does reduce postmap and postalias 'create' performance with Berkeley DB versions 3.0 .. 4.6.
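As an added example (not part of the Postfix announcement or the Postfix source), the shell function below checks a directory for the two conditions described above before postmap or postalias is run there: an existing DB_CONFIG file, and write access for other users. The function name bdb_cwd_risk and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the directory in which a Berkeley DB
# client such as postmap or postalias is about to run.
# The function name and return codes are this example's own, not Postfix's.
#
# bdb_cwd_risk DIR   prints one finding per line and returns:
#   0  no DB_CONFIG, and only the owner can write to DIR
#   1  DB_CONFIG is present (Berkeley DB 2 and later would read it)
#   2  no DB_CONFIG now, but group or other can write to DIR and could add one
#   3  DIR is not a directory
bdb_cwd_risk() {
    _dir=${1:-.}
    [ -d "$_dir" ] || { echo "not a directory: $_dir"; return 3; }
    _rc=0

    # Mode string of the directory itself, following symlinks,
    # e.g. "drwxrwxrwt". Column 6 is group write, column 9 is other write.
    # The sticky bit does not stop other users creating a new file.
    _mode=$(ls -ldL -- "$_dir" | cut -c1-10)
    _gw=$(printf '%s' "$_mode" | cut -c6)
    _ow=$(printf '%s' "$_mode" | cut -c9)
    if [ "$_gw" = w ] || [ "$_ow" = w ]; then
        echo "writable by other users ($_mode): $_dir"
        _rc=2
    fi

    # -L also catches a dangling symlink named DB_CONFIG.
    if [ -e "$_dir/DB_CONFIG" ] || [ -L "$_dir/DB_CONFIG" ]; then
        _owner=$(ls -ld -- "$_dir/DB_CONFIG" | awk '{print $3}')
        echo "DB_CONFIG present (owner $_owner): $_dir/DB_CONFIG"
        _rc=1
    fi
    return $_rc
}

# Stand-alone use: check the given directory, or the current one.
bdb_cwd_risk "${1:-$PWD}" || echo "review this directory before running postmap/postalias in it"
```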
Fixed in Postfix 3.2 and later:
The SMTP server receive_override_options were not restored at the end of an SMTP session, after the options were modified by an smtpd_milter_maps setting of "DISABLE". Milter support remained disabled for the lifetime of the smtpd process.
After the Postfix 3.2 address/domain table lookup overhaul, the check_sender_access and check_recipient_access features ignored a non-default parent_domain_matches_subdomains setting.
Fixed in Postfix 3.1 and later:
Compatibility: some Milter applications do not recognize single-character macro names when Postfix sends these as {name}. Postfix now sends such macros without {} as it has done historically.
Fixed in Postfix 3.0 and later:
Compatibility: prevent MIME downgrade of Postfix-generated message/delivery-status. It's supposed to be 7bit, therefore quoted-printable encoding is not expected, and can result in users seeing garbled non-delivery reports.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.