Page MenuHome GnuPG

Release GnuPG 2.3.8
Closed, ResolvedPublic


Noteworthy changes in version 2.3.8 (2022-10-13)

  • gpg: Do not consider unknown public keys as non-compliant while decrypting. [T6205]
  • gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. [T6221]
  • gpg: Improve --edit-key setpref command to ease c+p. [rG1908fa8b83]
  • gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. [T6126]
  • gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. [T6119]
  • gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. [T6043]
  • gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. [T5713,T6037]
  • agent: Fix a regression in "READKEY --format=ssh". [T6012]
  • agent: New option --need-attr for KEYINFO. [rG989eae648c]
  • agent: New attribute "Remote-list" for use by KEYINFO. [r1383aa4750]
  • scd: Fix problem with Yubikey 5.4 firmware. [T6070]
  • dirmngr: Fix CRL Distribution Point fallback to other schemes. [rG0c8299e2b5]
  • dirmngr: New LDAP server flag "areconly" (A-record-only). [rGd65a0335e5]
  • dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. [rG536b5cd663]
  • dirmngr: Use LDAP schema v2 when a Base DN is specified. [T6047]
  • dirmngr: Avoid caching expired certificates. [T6142]
  • wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. [rG8a63a8c825,T6098]
  • wkd: New command --mirror for gpg-wks-client. [T6224]
  • gpg-auth: New tool for authentication. [T5862]
  • New common.conf option no-autostart. [rG203dcc19eb]
  • Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79]

(prev: T5947 next: T6303)

Related Objects

Mentioned In
T6303: Release GnuPG 2.4.0
T5947: Release GnuPG 2.3.7
Mentioned Here
T6303: Release GnuPG 2.4.0
rG8a63a8c8257e: wkd: Fix path traversal attack on gpg-wks-server.
rG4ef8516a79f9: common: Silence warnings from AllowSetForegroundWindow.
rG989eae648c8f: agent: New option --need-attr for KEYINFO.
rG1908fa8b835c: gpg: Improve --edit-key setpref.
rG203dcc19eb48: common: New common option no-autostart.
rG0c8299e2b56e: dirmngr: Fix CRL DP error fallback to other schemes.
rGd65a0335e5cb: dirmngr: New server flag "areconly" (A-record-only)
rG536b5cd66305: dirmngr: Fix lost flags during LDAP upload
T5713: Kleopatra: PKCS#12 Import no Error on bad passphrase
T5862: authentication with USB token
T6012: gpg-agent: Add --format=ssh option for READKEY
T6037: Allow import of nwer DFN generated P12 files
T6043: "Emty Email" in outlook
T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified
T6070: Yubikey 5C 'not available: card error' regression
T6098: Path traversal bug in gpg-wks-server
T6119: GnuPG: Compliance mode status omitted when decrypting combined symmetric and asymmetric data
T6126: gpg: Support specifiying user ID to set as primary as UID hash for --quick-set-primary-uid
T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired
T6205: GnuPG: Unknown encryption keys should not result in non-compliant encryption on decryption
T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt
T6224: Mirror internal LDAP to a WKD
T5947: Release GnuPG 2.3.7

Event Timeline

werner triaged this task as Normal priority.Jul 26 2022, 7:37 PM
werner created this task.
werner created this object with edit policy "Administrators".
werner claimed this task.
werner set External Link to
werner renamed this task from Release GnuPG 2.2.38 to Release GnuPG 2.3.8.Dec 6 2022, 10:10 AM
werner updated the task description. (Show Details)