Release GnuPG 2.5.21
Open, NormalPublic

Assigned To
None
Authored By
werner
May 13 2026, 2:51 PM
Subscribers

Description

Noteworthy changes in version 2.5.21 (2026-07-02)

  • New and extended features:
    • gpg, gpgsm: Use partial file on decryption, remove on failure. Disable with "--compatibility-flags=no-partial-file-guard". [T7873]
    • gpg: Use the INT_RCP_FPR subpacket in revocation signatures. [T8252]
    • Create a pkgversioninfo.txt file when building using the speedo build system.
  • Bug fixes:
    • gpg: Fix potential use-after-free in batch key generation when handling the keyserver URL option. [T8277]
    • gpgsm: Fix regression in gpgsm_verify with expired certificates. [T8188]
    • gpgsm: Require a minimum tag length for GCM decryption. [rG4c7e68cf3d, CVE-2026-34182]
    • scd: Limit the size of returned APDU objects from faulty cards. [T8281]
    • scd: Fix condition to retrieve ATR. [rGca25a7a61b]
    • scd:openpgp: Fix regression in CHV1 retry counter byte index. [rG245330ebea]
    • agent: Make batch import of Kyber keys work. [T8029]
    • dirmngr: Add a validation check in get_dns_cert_standard. [T8303]
    • gpgconf: Raise an error on certain parse errors. [T8261]
    • Fix use of usleep in file remove function on Windows. Regression since 2.5.13. [rGab9ce5f5e7]

(prev: T7997 next: T8320)

Event Timeline

werner triaged this task as Normal priority.May 13 2026, 2:51 PM
werner created this task.
werner created this object with edit policy "Administrators".
werner added projects: gnupg, Release Info.
werner updated the task description. (Show Details)