Version 6.4.6 Release Notes

Release Date: 5 November, 2018

Resolved Issues (6.4.6)

An issue was resolved where Postfix and Sendmail were vulnerable to CVE-2011-1473. Both the MTAs now support TLS renegotiations up to two times only (PMX-208).
Added logging capability to PPM to aid troubleshooting when packages are not updating (PMX-109).
The PMX admin can now enable password support (requirepass) in Redis. Documentation updated to reflect this, see Installing Sender History Database and Configuring Delay Queue (PMX-834).
A vulnerability in the version of Apache used by PMX was resolved (CVE-2017-9798) (PMX-856).
Note: PMX was not vulnerable to this if user did not change the supplied configuration.
Three vulnerabilities in the version of OpenSSL used by PMX were resolved (CVE-2018-0737, CVE-2018-0732 and CVE-2018-0739) (PMX-857).