Skip to content

@toberndo toberndo released this Jul 4, 2019

  • [Security] New key import UI that displays all imported user IDs and requires additional confirmation step (CVE-2019-9150)
  • [Security] Fix insufficient key equality checks when importing keys via the client-API
  • [Security] Fix self signature check for armoredDraft option when using GnuPG keyring. Sign and encrypt operations should always require user interaction (CVE-2019-9149).
  • [Security] Add missing message and key validity checks (CVE-2019-9148)
  • [Security] Improve counter of private key operations to increase resistance against time-based side-channel attacks
  • Improve GPG detection on startup
  • [Security] Fix issue with the private key restore mechanism, that stores unlocked private keys inside the encrypted recovery message
  • Support for Autocrypt headers in client-API
Assets 5
You can’t perform that action at this time.