Dear Users,
I have released version 5.58 of stunnel.
This release fixes another security bug in the "redirect" option.
### Version 5.58, 2021.02.20, urgency: HIGH
* Security bugfixes
- The "redirect" option was fixed to properly handle
unauthenticated requests (thx to Martin Stein).
- Fixed a double free with OpenSSL older than 1.1.0 (thx to
Petr Strukov).
- OpenSSL DLLs updated to version 1.1.1j.
* New features
- New 'protocolHeader' service-level option to insert custom
'connect' protocol negotiation headers. This feature can
be used to impersonate other software (e.g. web browsers).
- 'protocolHost' can also be used to control the client SMTP
protocol negotiation HELO/EHLO value.
- Initial FIPS 3.0 support.
* Bugfixes
- X.509v3 extensions required by modern versions of OpenSSL
are added to generated self-signed test certificates.
- Fixed a tiny memory leak in configuration file reload
error handling (thx to Richard Könning).
- Merged Debian 05-typos.patch (thx to Peter Pentchev).
- Merged with minor changes Debian 06-hup-separate.patch
(thx to Peter Pentchev).
- Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
- Merged Debian 08-addrconfig-workaround.patch (thx to Peter
Pentchev).
- Fixed tests on the WSL2 platform.
- NSIS installer updated to version 3.06 to fix a multiuser
installation bug on some platforms, including 64-bit XP.
- Fixed engine initialization (thx to Petr Strukov).
- FIPS TLS feature is reported when a provider or container
is available, and not when FIPS control API is available.
Home page:
https://www.stunnel.org/Download:
https://www.stunnel.org/downloads.htmlSHA-256 hashes:
d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79 stunnel-5.58.tar.gz
92055a006a0d178a25cc29ef681ae32d4cea3075c096abc893c92ba6285d6908 stunnel-5.58-win64-installer.exe
57c313ee8b42da42265b33fb91555a58c1f1b94f5e93a389c310e37a87f2013c stunnel-5.58-android.zip
Best regards,
Mike