Release 1.4.23

gpg · Jun 11, 2018 · 8ae6a24 · 8ae6a24
1 parent dd6192b
commit 8ae6a24
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 4 deletions.
diff --git a/NEWS b/NEWS
@@ -1,6 +1,22 @@
-Noteworthy changes in version 1.4.23 (unreleased)
+Noteworthy changes in version 1.4.23 (2018-06-11)
 -------------------------------------------------
 
+ * gpg: Sanitize the diagnostic output of the original file name in
+   verbose mode.  [#4012,CVE-2018-12020]
+
+ * Does not push the compress-filter if not needed.  [#3898]
+
+ * Fix the regexp sanitation. [#2923]
+
+ * Fix the accidental use of a C99 feature.
+
+ * Does not try to use the removed /dev/srandom device on OpenBSD.
+
+ * Updated the Danish, Dutch and Spansih translations.
+
+ Release info at <https://dev.gnupg.org/T4015>.
+
+
 Noteworthy changes in version 1.4.22 (2017-07-19)
 -------------------------------------------------
 

diff --git a/README b/README
@@ -1,10 +1,10 @@
 
 		    GnuPG - The GNU Privacy Guard
 		   -------------------------------
-                            Version 1.4.22
+                            Version 1.4.23
 
-	 Copyright 1998-2017 Free Software Foundation, Inc.
-         Copyright 1997-2017 Werner Koch
+	 Copyright 1998-2018 Free Software Foundation, Inc.
+         Copyright 1997-2018 Werner Koch
 
     This file is free software; as a special exception the author
     gives unlimited permission to copy and/or distribute it, with or
@@ -15,6 +15,26 @@
     the implied warranty of MERCHANTABILITY or FITNESS FOR A
     PARTICULAR PURPOSE.
 
+    Warning
+    -------
+
+    This version is from a legacy branch of GnuPG.  We provide this
+    version only for two purposes:
+
+     - To decrypt and verify old messages created using PGP-2 keys.
+       Due to security problems with PGP-2 keys, these keys are not
+       anymore supported by the current stable GnuPG versions.
+
+     - For ancient pre-POSIX platforms which are not capable of
+       building the modern GnuPG-2.
+
+    Although there are no plans to stop basic maintenance of the 1.4
+    branch, it will not see any updates except for severe security
+    problems.  Side-channel attacks and the like won't be fixed in
+    this branch.  It is strongly suggested to migrate to the current
+    stable GnuPG version and - if at all needed - use the 1.4 version
+    only for the above listed purposes.
+
 
     Intro
     -----