Skip to content
Choose a tag to compare

Mailvelope 3.3.0

@toberndo toberndo released this
Choose a tag to compare
  • [Security] New key import UI that displays all imported user IDs and requires additional confirmation step (CVE-2019-9150)
  • [Security] Fix insufficient key equality checks when importing keys via the client-API
  • [Security] Fix self signature check for armoredDraft option when using GnuPG keyring. Sign and encrypt operations should always require user interaction (CVE-2019-9149).
  • [Security] Add missing message and key validity checks (CVE-2019-9148)
  • [Security] Improve counter of private key operations to increase resistance against time-based side-channel attacks
  • Improve GPG detection on startup
  • [Security] Fix issue with the private key restore mechanism, that stores unlocked private keys inside the encrypted recovery message
  • Support for Autocrypt headers in client-API