[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-2.9.6.html]
Postfix stable release 2.9.6, and legacy releases 2.8.14, 2.7.13, 2.6.19 are available. They contain fixes and workarounds that are also part of Postfix 2.10.
Postfix 2.9:
Thanks to OpenSSL documentation, the Postfix 2.9.0..2.9.5 SMTP client and server used an incorrect procedure to compute TLS certificate PUBLIC-KEY fingerprints (these may be used in the check_ccert_access and smtp_tls_policy_maps features). Support for certificate PUBLIC-KEY fingerprints was introduced with Postfix 2.9; there is no known problem with the certificate fingerprint algorithms available since Postfix 2.2.
Specify "tls_legacy_public_key_fingerprints = yes" temporarily, pending a migration from configuration files with incorrect Postfix 2.9.0..2.9.5 certificate PUBLIC-KEY fingerprints, to the correct fingerprints used by Postfix 2.9.6 and later.
See the RELEASE_NOTES file for more details.
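An added illustration, not part of the announcement or of the Postfix source: it contrasts a certificate fingerprint (digest of the whole DER certificate) with a public-key fingerprint, assuming the latter is the digest of the DER-encoded SubjectPublicKeyInfo, so that only the public-key fingerprint stays the same when a certificate is reissued for the same key. The certificates are constructed, unsigned skeletons, and the sha1 default is an assumption; use the digest your Postfix instance is configured with.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, end)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                          # long-form length
        k = n & 0x7F
        if not 1 <= k <= 4:
            raise ValueError("unsupported DER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + n

def spki_from_cert(cert):
    """Return the complete DER SubjectPublicKeyInfo element of a certificate."""
    _, p, _ = read_tlv(cert, 0)           # Certificate
    _, p, tbs_end = read_tlv(cert, p)     # tbsCertificate
    tag, _, end = read_tlv(cert, p)
    p = end if tag == 0xA0 else p         # skip optional [0] version
    for _ in range(5):                    # serial, sigalg, issuer, validity, subject
        _, _, p = read_tlv(cert, p)
    tag, _, end = read_tlv(cert, p)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[p:end]

def fingerprint(data, algo="sha1"):       # algo is an assumption, see lead-in
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, data).digest())

# --- constructed demo data: unsigned certificate skeletons, not real certs ---
def der(tag, body):
    assert len(body) < 0x80               # short-form length suffices here
    return bytes([tag, len(body)]) + body

def toy_cert(spki, serial):
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    name, validity = der(0x30, b""), der(0x30, der(0x17, b"130101000000Z") * 2)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, bytes(9)))

SPKI = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
           + der(0x03, b"\x00" + bytes(range(16))))
OLD_CERT, RENEWED_CERT = toy_cert(SPKI, 1), toy_cert(SPKI, 2)

if __name__ == "__main__":
    for label, c in (("old", OLD_CERT), ("renewed", RENEWED_CERT)):
        print(label, "cert", fingerprint(c), "pkey", fingerprint(spki_from_cert(c)))
```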
All supported releases:
The postconf(1) master.cf parser didn't support "clusters" of daemon command-line option letters.
The local(8) delivery agent dereferenced a null pointer while delivering to a null command (for example, "|" in a .forward file). Reported by Gilles Chehade.
A memory leak fix for tls_misc.c was documented but not included.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.