https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00000.html announced release 2.2.1 of GNU Wget2, the successor of GNU Wget.
The announcement listed these noteworthy changes:
* Fix file overwrite issue with metalink * Fix remote buffer overflow in get_local_filename_real() * Fix a redirect/mirror regression from 400713ca * Use the local system timestamp when requested via --no-use-server-timestamps * Prevent file truncation with --no-clobber * Improve messages about why URLs are not being followed * Fix metalink with -O/--output-document * Fix sorting of metalink mirrors by priority * Add --show-progress to improve backwards compatibility to wget * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme() * Allow 'no_' prefix in config options * Use libnghttp2 for HTTP/2 testing * Fix WolfSSL build issue if SSLv2 isn't built into the library * Set exit status to 8 on 403 response code * Fix convert-links * Fix --server-response for HTTP/1.1 * Fix anchor links in README.md for Gitlab * Fix html examples in the documentation * Improvements on code, docs and CI/testing
The first bullet appears to have been assigned CVE-2025-69194: https://access.redhat.com/security/cve/cve-2025-69194 and the second bullet appears to have been assigned CVE-2025-69195: https://access.redhat.com/security/cve/cve-2025-69195 -- -Alan Coopersmith- [email protected] Oracle Solaris Engineering - https://blogs.oracle.com/solaris
