Dear Users, I have released version 5.58 of stunnel. This release fixes another security bug in the "redirect" option. ### Version 5.58, 2021.02.20, urgency: HIGH * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov). - OpenSSL DLLs updated to version 1.1.1j. * New features - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. * Bugfixes - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. - NSIS installer updated to version 3.06 to fix a multiuser installation bug on some platforms, including 64-bit XP. - Fixed engine initialization (thx to Petr Strukov). - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79 stunnel-5.58.tar.gz 92055a006a0d178a25cc29ef681ae32d4cea3075c096abc893c92ba6285d6908 stunnel-5.58-win64-installer.exe 57c313ee8b42da42265b33fb91555a58c1f1b94f5e93a389c310e37a87f2013c stunnel-5.58-android.zip Best regards, Mike
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
