Exim Sysadmins Beware, Debian Bookworm Is a Major Update

A warning for all sysadmins using Exim on Debian Bullseye: don't switch to Debian Bookworm just yet.

The changelog will tell you that, for Exim 4.96-15 in Debian Bookworm:

The allow_insecure_tainted_data main config option and the "taint"
log_selector were removed

However, if you run Debian Bullseye, you never get the warning. It might have come with Exim in unstable/bullseye-backports:

Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the
concept of tainted data read from untrusted sources, like e.g. message
sender or recipient. This tainted data (e.g. $local_part or $domain)
cannot be used among other things as a file or directory name or command
This WILL BREAK configurations which are not updated accordingly.

That version at least came with a quick fix:

 allow_insecure_tainted_data = yes

Which is not available in Bookworm.
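
A pre-upgrade check for the breakage described above, as an added example that is not part of the original post or of Exim/Debian tooling: it scans one Exim configuration file for the removed option, the removed "taint" log selector, and direct use of $local_part or $domain in file, directory or command settings. The function names, the finding labels and the sample configuration are constructed for illustration, and the last check is a heuristic that does not cover lookups or other expansions.

```shell
#!/bin/sh
# Added example. Usage: scan_exim_conf /path/to/exim/config
# Prints one "LINE:KIND:text" record per finding, nothing if the file is clean.
scan_exim_conf() {
    awk '
    /^[ \t]*#/ { next }                         # ignore comment lines
    # Main option removed in Exim 4.96 on Bookworm (any spelling of it).
    /allow_insecure_tainted_data/ {
        print NR ":removed-option:" $0; next
    }
    # Removed "taint" log selector; also catches macros feeding log_selector.
    /[+-]taint([^_a-zA-Z0-9]|$)/ {
        print NR ":removed-log-selector:" $0; next
    }
    # Heuristic: tainted variables used directly as a file, directory or
    # command value. Names with a suffix such as _data are not matched.
    /^[ \t]*(file|directory|command)[ \t]*=/ &&
    /[$][{]?(local_part|domain)([^_a-zA-Z0-9]|$)/ {
        print NR ":tainted-path:" $0
    }
    ' "$1"
}

# Constructed sample configuration, not taken from a real host.
# $local_part_data / $domain_data are the de-tainted Exim variables
# (they are not mentioned in the post itself).
write_sample_conf() {
    cat > "$1" <<'EOF'
# main section
allow_insecure_tainted_data = yes
log_selector = +tls_peerdn +taint
begin transports
maildir_home:
  driver = appendfile
  directory = /var/mail/$domain/$local_part
safe_delivery:
  driver = appendfile
  directory = /var/mail/$domain_data/$local_part_data
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample_conf "$tmp"
scan_exim_conf "$tmp"
rm -f "$tmp"
```

Run it against every configuration file Exim actually loads on the Bullseye host before upgrading; an empty result only means these three patterns were not found.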