new release 3.4.0 - critical security release

rsync.project rsync.project at gmail.com
Tue Jan 14 19:49:04 UTC 2025


We have just released version 3.4.0 of rsync. This release fixes 6 security
vulnerabilities found by two groups of security researchers.

You can find the new release links here:

 - https://rsync.samba.org/
 - https://download.samba.org/pub/rsync/src/

For details on the vulnerabilities please see this CERT advisory:

https://kb.cert.org/vuls/id/952657

The various distros should be doing security releases today
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google
Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering
these vulnerabilities and working with the rsync project to develop and
test fixes.

Also many thanks to Wayne Davison for assisting with the release process as
this is the first release I've done since 2002 when Wayne took over as the
rsync maintainer.

Andrew Tridgell
rsync maintainer (again!)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20250115/6b953bcd/attachment.htm>


More information about the rsync mailing list