Hello, we are pleased to announce the new version of GNU wget 1.19.5.
GNU Wget is a free utility for non-interactive download of files from the Web. It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP proxies. This version fixes CVE-2018-0494 (Cookie injection vulnerability) found by Harry Sintonen. This version fixes several issues, mostly found by OSS-Fuzz. It also introduces TLS1.3 with OpenSSL, a new option --ciphers and updates the CSS grammar to version 2.2. Many thanks go to all the contributors and list activists ! The new version is available for download here: https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz and the GPG detached signatures using the key 0x08302DB6A2670428: https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz.sig https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz.sig To reduce load on the main server, you can use this redirector service which automatically redirects you to a mirror: https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.gz https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.lz Noteworthy changes: * Fix cookie injection (CVE-2018-0494) * Enable TLS1.3 with recent OpenSSL environment * New option --ciphers to set GnuTLS / OpenSSL ciphers directly * Updated CSS grammar to CSS 2.2 * Fixed several memleaks found by OSS-Fuzz * Fixed several buffer overflows found by OSS-Fuzz * Fixed several integer overflows found by OSS-Fuzz * Several minor bug fixes Please report any problem you may experience to the bug-w...@gnu.org mailing list. For the maintainers of Wget, Tim Rühsen
signature.asc
Description: OpenPGP digital signature
-- If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see https://www.gnu.org/help/evaluation.html.
