Hi all,
I'm happy to announce the release of Quassel IRC version 0.12.2! This version
now fully supports KDE Frameworks, so Quassel behaves properly in a Plasma 5
environment. Other new features include an improved password hashing
algorithm, proper unicode-aware message splitting for both normal and CTCP
messages, improved handling of PostgreSQL database connections, a bunch of
bugfixes and updated translations. If you connect to a 0.12.x core, you can
also now change your core password from the client.
The 0.12.2 release provides a security fix for CVE-2015-3427. This is related
to an older vulnerability (CVE-2013-4422) that we had deemed fixed a long time
ago; however, restarting your PostgreSQL database while Quasselcore is running
would bring it back from the dead.
Version 0.12.2 also fixes CVE-2014-8483, CVE-2015-2778 and CVE-2015-2779. All
of these can only be exploited by local and authenticated users, and as such
after discussion with several security teams were not deemed to be critical
enough to warrant an out-of-cycle security release.
We highly recommend upgrading to 0.12.2 or 0.11.1 (which contains only those
fixes, but no new features).
Please read the full release announcement at <http://quassel-irc.org>.
Cheers,
~ Sputnick on behalf of the Quassel Team
--
Manuel "Sputnick" Nickschas ("Sput" on Freenode) | (o<
Member of the Quassel IRC Project - http://quassel-irc.org | //\
Come visit us in #quassel! | V_/_