"This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.
...
Noteworthy changes:
* Fix cookie injection (CVE-2018-0494)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>