[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU Wget 1.19.5 released

From: Tim Rühsen
Subject: GNU Wget 1.19.5 released
Date: Sun, 6 May 2018 19:09:47 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0


we are pleased to announce the new version of GNU wget 1.19.5.

GNU Wget is a free utility for non-interactive download of files from
the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP

This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.

Many thanks go to all the contributors and list activists !

The new version is available for download here:

and the GPG detached signatures using the key 0x08302DB6A2670428:

To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:

Noteworthy changes:

* Fix cookie injection (CVE-2018-0494)

* Enable TLS1.3 with recent OpenSSL environment

* New option --ciphers to set GnuTLS / OpenSSL ciphers directly

* Updated CSS grammar to CSS 2.2

* Fixed several memleaks found by OSS-Fuzz

* Fixed several buffer overflows found by OSS-Fuzz

* Fixed several integer overflows found by OSS-Fuzz

* Several minor bug fixes

Please report any problem you may experience to the address@hidden
mailing list.

For the maintainers of Wget,
Tim Rühsen

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]