Releases: Zimbra-Community/pgp-zimlet
update openpgp.js to v1.5.7 and zimlet to 1.8.4
update openpgp.js to v1.5.7 and zimlet to 1.8.4
update openpgp.js v1.4.0, zimlet to 1.8.3
drop support for zmzimletctl (git -> _dev is now recommended)
If you still want the zip, see: https://github.com/Zimbra-Community/pgp-zimlet/wiki/Building-ZIP-for-use-with-zmzimletctl
Fixing a bug in gmail/mailvelope 1.8.1
Fixing a bug in gmail/mailvelope 1.8.1
add support for decrypting messages from gmail/mailvelope
add support for decrypting messages from gmail/mailvelope
release 1.8.0 security fix openpgp.js
Forgot to add the release tag for 1.8.0, so doing it now:
add version 1.8.0, security fix openpgp.js
Date: Mon, 5 Oct 2015 09:39:17 +0200
From: [email protected]
To: [email protected]
Subject: [openpgpjs] Critical vulnerability in S2KHello,
a vulnerability in the S2K function of OpenPGP.js allows to produce a
predictable session key without knowing the passphrase.An attacker is able to create a private PGP key that will decrypt in
OpenPGP.js regardless of the passphrase given.More critical: it is possible to forge a symmetrically encrypted PGP
message (Symmetric-Key Encrypted Session Key Packets (Tag 3)) that
will decrypt with any passphrase in OpenPGP.js. This can be an attack
vector if successful decryption of such a message is used as an
authentication mechanism.The bug is fixed with a strict check on unknown S2K types.
Credits for finding the bug go to Gijs Hollestelle and thanks to Jonas
Magazinius from Cure53 for reporting the problem.Please update to OpenPGP.js v1.3.0
Best,
Thomas
http://openpgpjs.org
Subscribe/unsubscribe: http://list.openpgpjs.org
release 1.7.9 add chinese
release 1.7.9 add chinese
release 1.7.8 - avoid importing duplicate public keys - add additional info when sending public keys
release 1.7.8
- avoid importing duplicate public keys
- add additional info when sending public keys
- add error handler when there is no public key to send
Increment version number for failed zip package 1.7.6
Increment version number for failed zip package 1.7.6
The zip file for 1.7.5 had _dev prefix in the fixed paths... that should have been removed.
Simplify public key sharing
- Whenever a plain text email is received that contains a readable public key armored block, a dialog is shown asking the user to import the public key. A context help link has been added to explain fingerprint verification.
- A menu option (Zimlet menu left bottom) has been added "Send someone my public key", it opens a new plain text formatted message with the users own public key.
Version 1.7.5 Always encrypt to self
Added feature: Always encrypt to self
single-click = double-click on the Zimlet panel icon
remove the feature to Hide PGP SIGNED MESSAGE block