Re: [Fetchmail-users] using outdated fetchmail versions

[Matthias A. <mat...@gm...>]

Am 27.01.20 um 20:25 schrieb Joe Acquisto-j4:
> Long time no post.   I am several versions behind at 6.3.2  Upgrade requires various other upgrades as well.  If not required, at least sensible.
>
> While it is not supported any longer, perhaps the steps are similar.   I wish to retrieve all folders or, if that is not possible, to retrieve a specific folder along with the default folder.
>
> Or, must I fetch folders one by one?
>
> example syntax for ~/.fetchmail  would be nice as well.  I am waiting for the provider to supply the exact folder syntax.
>
> Thanks in advance.
>
Joe, I take your later message as "problem solved".

However, I'll take your message as a stepping stone for a general
message to the public:

running fetchmail 6.3.2 is a major problem in itself.
There have been 26 releases and more than 14 (fourteen!) years(!) since,
which includes fixes for critical and security-relevant bugs.

I find that also disrespectful versus the maintainer and contributors,
that's not what I (and others) am (are) spending my (their) spare time for.

This is just enumerating egrep SECURITY\|CRITICAL on fetchmail
6.4.2-rc2's NEWS file:

     1    ## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE
RECONFIGURATION
     2    ## SECURITY FIXES
     3    # CRITICAL BUG FIX for setups using "mimedecode":
     4    # CRITICAL AND REGRESSION FIXES
     5    # SECURITY FIXES
     6    # CRITICAL BUG FIX
     7    # SECURITY BUG FIXES
     8    # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
     9    # CRITICAL BUG FIXES AND REGRESSION FIXES
    10    # SECURITY FIX
    11    # SECURITY FIXES
    12    # SECURITY BUGFIXES
    13    # SECURITY AND CRITICAL BUG FIXES:
    14    # SECURITY STRENGTHENING:
    15    # SECURITY FIXES:
    16    # SECURITY FIX IN THIS RELEASE
    17    # SECURITY FIX IN THIS RELEASE
    18    # SECURITY FIXES IN THIS RELEASE

For details, read
https://gitlab.com/fetchmail/fetchmail/blob/legacy_64/NEWS - and make
sure that you schedule updates to supported versions of all operating
system and network applications that do not have known security bugs.