[Bug-wget] [ANNOUNCEMENT] New release 1.19.5 of GNU Wget

[Tim Rühsen]

Hello,

we are pleased to announce the new version of GNU wget 1.19.5.

GNU Wget is a free utility for non-interactive download of files from
the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP
proxies.

This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.

Many thanks go to all the contributors and list activists !


The new version is available for download here:

https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz

and the GPG detached signatures using the key 0x08302DB6A2670428:

https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz.sig
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz.sig

To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:

https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.gz
https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.lz


Noteworthy changes:

* Fix cookie injection (CVE-2018-0494)

* Enable TLS1.3 with recent OpenSSL environment

* New option --ciphers to set GnuTLS / OpenSSL ciphers directly

* Updated CSS grammar to CSS 2.2

* Fixed several memleaks found by OSS-Fuzz

* Fixed several buffer overflows found by OSS-Fuzz

* Fixed several integer overflows found by OSS-Fuzz

* Several minor bug fixes



Please report any problem you may experience to the address@hidden
mailing list.

For the maintainers of Wget,
Tim Rühsen

signature.asc
Description: OpenPGP digital signature