[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-2.10.2.html]
Postfix stable release 2.10.2, and legacy releases 2.9.8, 2.8.16, 2.7.15 are available. They contain fixes and workarounds that are also part of Postfix 2.11.
TLS Interoperability workaround: turn on SHA-2 digests by force. This improves interoperability with clients and servers that deploy SHA-2 digests without the required support for TLSv1.2-style digest negotiation.
TLS Performance workaround: the Postfix SMTP server TLS session cache had become ineffective because recent OpenSSL versions enable session tickets by default, resulting in a different ticket encryption key for each smtpd(8) process. The workaround turns off session tickets. Postfix 2.11 will enable session tickets properly.
TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail to communicate with Postfix and possibly other MTAs, with the following Exim SMTP client error message:
TLS error on connection to server-name [server-address] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration workaround.
Bugfix (defect introduced: 1997): memory leak while forwarding mail with the local(8) delivery agent, in code that handles a cleanup(8) server error.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.