"due to some privacy issues in default settings of Wget, we introduce
this bugfix release.
The --xattr option (saving original URL and Referer into extended file
attributes) was introduced and enabled by default since Wget 1.19.
It possibly saved - possibly unrecognized by the user - credentials,
access tokes etc that were included in the requested URL.
We changed three details as a countermeasure, see below in the NEWS section.
With Best Regards, Tim
...
NEWS
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>