[quassel-announce] Releasing Quassel 0.12.2

Manuel Nickschas sputnick at quassel-irc.org
Fri May 1 15:33:05 CEST 2015

Hi all,

I'm happy to announce the release of Quassel IRC version 0.12.2! This version 
now fully supports KDE Frameworks, so Quassel behaves properly in a Plasma 5 
environment. Other new features include an improved password hashing 
algorithm, proper unicode-aware message splitting for both normal and CTCP 
messages, improved handling of PostgreSQL database connections, a bunch of 
bugfixes and updated translations. If you connect to a 0.12.x core, you can 
also now change your core password from the client.

The 0.12.2 release provides a security fix for CVE-2015-3427. This is related 
to an older vulnerability (CVE-2013-4422) that we had deemed fixed a long time 
ago; however, restarting your PostgreSQL database while Quasselcore is running 
would bring it back from the dead.

Version 0.12.2 also fixes CVE-2014-8483, CVE-2015-2778 and CVE-2015-2779. All 
of these can only be exploited by local and authenticated users, and as such 
after discussion with several security teams were not deemed to be critical 
enough to warrant an out-of-cycle security release.

We highly recommend upgrading to 0.12.2 or 0.11.1 (which contains only those 
fixes, but no new features).

Please read the full release announcement at <http://quassel-irc.org>.

~ Sputnick on behalf of the Quassel Team
Manuel "Sputnick" Nickschas ("Sput" on Freenode)                  |  (o<
Member of the Quassel IRC Project - http://quassel-irc.org        |  //\
Come visit us in #quassel!                                        |  V_/_

More information about the quassel-announce mailing list