Momentum 4.4.1 Changelog
Last updated May 2023
This section will list all of the major changes that happened with the release of Momentum 4.4.1. Depending on installation type, all changes may not be applicable
| Type | Ticket | Description |
|---|---|---|
| Fix | SD-2935 | Crash when outbound_throttle_messages is configured at the same time as core_mailq_throttle_message hook |
| Fix | SD-2995 | soft_bounce functionality periodically tries using an invalid connection handle causing a crash |
| Fix | SD-3070 | Fix transmission_id truncation when calling msg_gen_check_transmission_expiration_hook |
| Fix | SD-3167 | Fixed stack overflow in http2clnt module |
| Fix | SD-3263 | DKIM Oversigning to Avoid Replay Attacks |
| Fix | SD-3288 | Transmission API does not sanity check recipient list for empty array |
| Fix | SD-3335, SD-3374, SD-3775 | Files created from lu_pull are now all owned by ecuser |
| Fix | SD-3497 | DSNs are not Generated when RCPTO is Upper Case |
| Fix | SD-3535 | extract_sender_from_msg moved to msys namespace |
| Fix | SD-3606 | rcpt_to incorrect for "Unconfigured sending domain" rejection events for multi-recipient SMTP injections |
| Fix | SD-3619 | Fix crashes in Sieve when creating new messages |
| Fix | SD-3649 | Upgrade to latest jlog package |
| Fix | SD-3685 | Invalid write in outbound smtp auth when base64 encoded username + password is length of a power of 2 |
| Fix | SD-3702 | Incorrect DKIM signature for some large body messages |
| Fix | SD-3755 | Fixed bug that prevented more than one redirect lookup on SPF records |
| Security Fix | SD-2871 | Fix Error "Inconsistent nullness check" |
| Security Fix | SD-2873 | Fix Error " Dead code due to goto or break statement" alert |
| Security Fix | SD-2870 | Fix Error "Duplicate include guard" alert in Momentum |
| Security Fix | SD-2846 | Fix Critical "Non-constant format string" alerts in Momentum |
| Security Fix | SD-2847 | Fix Critical "Use of potentially dangerous function" alerts in Momentum |
| Security Fix | SD-2848 | Fix Critical "Unbounded write" alerts in Momentum |
| Security Fix | SD-2849 | Fix Critical "Potentially overrunning write" alerts in Momentum |
| Security Fix | SD-2850 | Fix critical "Static array access may cause overflow" alerts in Momentum |
| Security Fix | SD-2851 | Fix Critical "Potentially unsafe use of strcat" alerts in Momentum |
| Security Fix | SD-3099 | Fix Critical "Unbounded write" codeQL alert |
| Security Fix | SD-2866 | Fix High "Not enough memory allocated for array of pointer type" alert |
| Security Fix | SD-2863 | Fix High "Overflow in uncontrolled allocation size" |
| Security Fix | SD-2864 | Fix High "Time-of-check time-of-use filesystem race condition" |
| Security Fix | SD-2855 | Fix High "Use of a broken or risky cryptographic algorithm" alert in Momentum |
| Security Fix | SD-2856 | Fix High "Multiplication result converted to larger type" alert |
| Security Fix | SD-2857 | Fix High "Call to alloca in a loop" alert |
| Security Fix | SD-2858 | Fix High "Potentially uninitialized local variable" alerts |
| Security Fix | SD-2867 | Fix High "Array offset used before range check" alert in Momentum |
| Security Fix | SD-2868 | Fix High "Incorrect 'not' operator usage" alert |
| Security Fix | SD-2872 | Fix Warning " Unsigned comparison to zero" alert |
| Security Fix | SD-3074 | Fix Warning "Lossy function result cast" |
| Security Fix | SD-2876 | Fix Warning "Ambiguously signed bit-field member" alert |
| Security Fix | SD-2875 | Fix Warning "Comparison result is always the same" alert |
| Feature | SD-2751 | Adjust threshold for triggering automated memory/thread stats collection in panic log |
| Feature | SD-2764 | HTTP endpoints to retrieve queue sizes |
| Feature | SD-3061 | Update sk_tool so it works with auth login for SP |
| Feature | SD-3081 | Add millisecond precision to SMTP tracing |
| Feature | SD-3087 | Momentum summary HTTP endpoint |
| Feature | SD-3093 | Run lua object -> json string serialization for http responses into a thread pool |
| Feature | SD-3170 | Momentum Transmissions API: Allow blank or empty subject header and customer supplied header values |
| Feature | SD-3206 | Issues with behavior when STARTTLS is issued on an in-use connection |
| Feature | SD-3503 | Prevent protocol deviations related to openssl without the performance impact of SD-2734 |
| Feature | SD-3622 | Move JSON parsing and utf-8 validation out of CPU thread pool to dedicated thread pool |
| Feature | SD-3623 | Improve transmissions API sampling capabilities |
| Feature | SD-3633 | Move ET link processing out of CPU thread pool to dedicated thread pool |
| Feature | SD-3559 | Only pull necessary fields when validating stored templates for transmissions requests |
| Feature | SD-3661 | Empty header fields are stripped from generated messages |
Was this page helpful?