GnuPG 2.3.8 GnuPG 2.3.8 releasedWe are pleased to announce the availability of a new stable GnuPG release: version 2.3.8. This release comes with a lot of new features and the binary releases come with the fix for the Libksba vulnerability CVE-2022-3515 (https://gnupg.org/blog/20221017-pepe-left-the-ksba.html).Noteworthy changes in version 2.3.8
gpg: Do not consider unknown public keys as non-compliant while decrypting. [T6205]
gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. [T6221]
gpg: Improve –edit-key setpref command to ease c+p. [rG1908fa8b83]
gpg: Emit an ERROR status if –quick-set-primary-uid fails and allow to pass the user ID by hash. [T6126]
gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. [T6119]
gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. [T6043]
gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. [T5713,T6037]
agent: Fix a regression in “READKEY –format=ssh”. [T6012]
agent: New option –need-attr for KEYINFO. [rG989eae648c]
agent: New attribute “Remote-list” for use by KEYINFO. [r1383aa4750]
scd: Fix problem with Yubikey 5.4 firmware. [T6070]
dirmngr: Fix CRL Distribution Point fallback to other schemes. [rG0c8299e2b5]
dirmngr: New LDAP server flag “areconly” (A-record-only). [rGd65a0335e5]
dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. [rG536b5cd663]
dirmngr: Use LDAP schema v2 when a Base DN is specified. [T6047]
dirmngr: Avoid caching expired certificates. [T6142]
wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. [rG8a63a8c825,T6098]
wkd: New command –mirror for gpg-wks-client. [T6224]
gpg-auth: New tool for authentication. [T5862]
New common.conf option no-autostart. [rG203dcc19eb]
Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79]
Release-info: https://dev.gnupg.org/T6106