From grim at reaperworld.com  Fri Jun  4 04:11:17 2021
From: grim at reaperworld.com (Gary Kramlich)
Date: Fri, 4 Jun 2021 03:11:17 -0500
Subject: 2.14.5 has been released!
Message-ID: <a5e935b1-f4d7-fdc1-8ac3-0c1b7022d717@reaperworld.com>

Whoops we missed May, but hopefully you all enjoy this kind of rushed
release!

Why was it rushed? Well a certain unnamed broker of software
vulnerabilities posted a bounty for vulnerabilities in Pidgin. Thus we
quickly ran a bunch of static analysis tools and patched everything we
could find.

We have no reason to believe that 2.14.5 is any safer than 2.14.4 as the
issues the static analysis found should not be exploitable. However, we
didn’t want to take a chance and leave them in.

We also changed the default value of the Enable automatic router port
forwarding preference from on to off. We suggest you disable this
setting as well if you’re upgrading and you don’t typically send files
directly to other users.

For the first time in a long time we updated our bundled TLS
Certificates. This should hopefully avoid some certificate warnings for
some users but there’s a good chance some third party protocol plugins
users might still see them.

Finally, with all the events regarding the Freenode and Libera IRC
networks, we decided to change the default IRC server from
irc.freenode.net to irc.libera.chat. We will maintain a presence on both
networks for as long as we have users there.

The complete changelog for this release is the following:

General:
* Updated our bundled certificates to the latest version from Mozilla.
  (RR #722) (PIDGIN-17535) (Gary Kramlich)
* Made the project scan-build clean. (RR #692-705, #707-714, #716-#719)
  (Gary Kramlich)
* Fixed some of Gary's scan-build fixes that were a bit verbose. (RR #715)
  (Elliott Sales de Andrade)
* Disabled UPnP and NAT-PMP by default for new user. (RR #706) (Gary
  Kramlich)

IRC:
* Changed the default server to irc.libera.chat. (RR #675) (Gary Kramlich)

Windows Specific Changes:
* Fixed the installer not running when Mandatory ASLR was turned on.
  (RR #721) (PIDGIN-17524) (Gary Kramlich)

Thanks,

--
Gary Kramlich <grim at reaperworld.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.pidgin.im/pipermail/announce/attachments/20210604/019a44df/attachment.sig>