Recent Releases
1.2101 Jan 2021 14:05
minor bugfix:
Improve the number of translated strings
Remove all uses of alloca
In some places the length of untrusted strings has been used, e.g.
strings from the command line or from remote.
buffer overflows in progress bar code in some locales.
two null pointer accesses.
Amend cookie file header to be recognized by the 'file' command.
Post Handshake Authentication for OpenSSL.
Require gettext version 0.19.3+.
Add configure flags --enable-fsanitize-ubsan, --enable-fsanitize-asan
and --enable-fsanitize-msan for gcc and clang.
Make several smaller, enhance fuzzing, enhance building.
1.20.127 Dec 2018 05:45
minor feature:
--xattr is no longer default since it introduces privacy.
--xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment.
Are no longer saved to prevent privacy.
--xattr saves the Original URL without user/password to prevent.
Privacy.
1.2030 Nov 2018 09:25
minor feature:
Add new option `--retry-on-host-error` to treat local errors as transient
and hence Wget will retry to download the file after a brief waiting period.
multiple potential resource leaks as found by static analysis.
Wget will now not create an empty wget-log file when running with -q and -b.
switches together
When compiled using the GnuTLS = 3.6.3, Wget now has support for TLSv1.3.
Now there is support for using libpcre2 for regex pattern matching.
When downloading over FTP recursively, one can now use the.
-- accept,reject -regex switches to fine-tune the downloaded files.
Building Wget from the git sources now requires autoconf 2.63 or above.
Building from the Tarballs works as it used to.
1.19.507 May 2018 10:05
minor bugfix:
Cookie injection (CVE-2018-0494).
Enable TLS1.3 with recent OpenSSL environment.
New option --ciphers to set GnuTLS / OpenSSL ciphers directly.
Updated CSS grammar to CSS 2.2.
Several memleaks found by OSS-Fuzz.
Several buffer overflows found by OSS-Fuzz.
Several integer overflows found by OSS-Fuzz.
Several minor.
1.19.422 Jan 2018 10:25
major bugfix:
A major that caused GZip'ed pages to never be decompressed has been.
Support for Content-Encoding and Transfer-Encoding have been marked as.
Experimental and disabled by default
1.19.316 Jan 2018 20:45
minor bugfix:
Prevent erroneous decompression of.gz and.tgz files with broken servers.
Added support for HTTP 308 Permanent Redirect response.
a segfault in some cases where the Content-Type header is not sent.
Support OpenSSL 1.1 builds without using deprecated features.
netrc file detection on Windows.
Several minor.
1.19.227 Oct 2017 03:25
minor bugfix:
CVE-2017-13089 (Stack overflow in HTTP protocol handling).
CVE-2017-13090 (Heap overflow in HTTP protocol handling).
New option --compression for gzip Content-Encoding.
New option -- no -netrc to control.netrc parsing.
Added GNU extensions to.netrc parsing.
Improved IDNA 2003 compatibility.
VPATH.
Improved and extended the test suite.
Support Wayback Machine's X-Archive-Orig-last-modified.
Several.
1.1918 Jan 2017 12:05
minor bugfix:
New option --use-askpass=COMMAND. Fetch user/password by calling
an external program.
Use IDNA2008 (+ TR46 if available) through libidn2.
When processing a Metalink header, --metalink-index= allows
to process the header's application/metalink4+xml files.
When processing a Metalink file, --trust-server-names enables the.
Use of the destination file names specified in the Metalink file,
Otherwise a safe destination file name is computed.
When processing a Metalink file, enforce a safe destination path.
Remove any drive letter preunder w32, i.e. 'C:D:file'. Call.
Libmetalink's metalink_check_safe_path() to prevent absolute,
Relative, or home paths:
Https://tools.ietf.org/html/rfc5854#section-4.1.2.1
Https://tools.ietf.org/html/rfc5854#section-4.2.8.3
When processing a Metalink file, --directory-pre= sets.
The top of the retrieval tree to prefor Metalink downloads.
When processing a Metalink file, reject downloaded files which don't.
Agree with their own metalink:size value:
Https://tools.ietf.org/html/rfc5854#section-4.2.16
When processing a Metalink file, with --continue resume partially.
Downloaded files and keep fully downloaded files even if they fail
The verification.
When processing a Metalink file, create the parent directories of a.
"path/file" destination file name:
Https://tools.ietf.org/html/rfc5854#section-4.1.2.1
Https://tools.ietf.org/html/rfc5854#section-4.2.8.3
On a recursive download, append a.tmp sufto temporary files.
That will be deleted after being parsed, and create them
Readable/writable only by the owner.
New make target 'check-valgrind'.
Several.
Compatibility.
1.1810 Jun 2016 12:45
minor feature:
By default, on server redirects to a FTP resource, use the original
URL to get the local file name. CVE-2016-4971. This
introduces a backward-incompatibility for HTTP- FTP redirects and
any script that relies on the old behaviour must use.
--trust-server-names.
Check the HSTS file is not world-writable before using it.
Parse attributes on a recursive download.
problem with SNI server names having trailing dot(s).
New options --bind-dns-address and --dns-servers.
When Wget is built with libiconv, it now converts non-ASCII URIs to
the locale's codeset when it creates files. The encoding of the
remote files and URIs is taken from --remote-encoding, defaulting to
UTF-8. The result is that non-ASCII URIs and files downloaded via
HTTP/HTTPS and FTP will have names on the local filesystem that
correspond to their remote names.
1.17.113 Dec 2015 01:05
minor bugfix:
Compile error when IPv6 is disabled or SSL is not present.
HSTS memory leak.
Progress output in non-C locales.
SIGSEGV when -N and --content-disposition are used together.
Add --check-certificate=quiet to tell wget to not print any warning about.
Invalid certificates.
1.1716 Nov 2015 09:45
minor feature:
Remove FTP passive to active fallback due to privacy concerns.
Add support for --if-modified-since.
Add support for metalink through --input-metalink and --metalink-over-http.
Add support for HSTS through --hsts and --hsts-file.
Add option to restrict filenames under VMS.
Add support for --rejected-log which logs to a separate file the reasons why
URLs are being rejected and some context around it.
Add support for FTPS.
Do not download/save file on error when --spider enabled.
Add --convert-file-only option. This option converts only the
filename part of the URLs, leaving the rest of the URLs untouched.
1.16.204 Mar 2015 08:25
minor feature:
Native uuid generation on Windows
Fix build on Solaris
Allow progress bar on stderr when -o is used
Accept 5-digit port numbers in FTP EPSV responses.
Support older versions of flex.
Updated translations.
1.16.128 Feb 2015 07:05
minor feature:
Add --enable-assert configure option.
Use pkg-config to check for libraries presence.
Do not limit --secure-protocol=auto pfs to TLSv1.0.
Add --secure-protocol=TLSv1_1 TLSv1_2 .
Full C89 source code compliance.
Select and use the most secure authentication scheme with HTTP connections.
Fix issues with turkish locales.
Handle 504 Gateway Timeout.
New option --crl-file to load Certificate Revocation Lists.
Add valgrind support to tests suite.
Fix an off-by-one problem in the progress bar .
16.109 Dec 2014 10:25
minor feature:
Add --enable-assert configure option.
Use pkg-config to check for libraries presence.
Do not limit --secure-protocol=auto pfs to TLSv1.0.
Add --secure-protocol=TLSv1_1 TLSv1_2 .
Full C89 source code compliance.
Select and use the most secure authentication scheme with HTTP connections.
Fix issues with turkish locales.
Handle 504 Gateway Timeout.
New option --crl-file to load Certificate Revocation Lists.
Add valgrind support to tests suite.
Fix an off-by-one problem in the progress bar .
1.1631 Oct 2014 19:05
security:
No longer create local symbolic links by default. Closes CVE-2014-4877 (WGETBLEED).
Use libpsl for verifying cookie domains.
Default progress bar output changed.
Introduce --show-progress to force display the progress bar.
Introduce --no-config. The wgetrc files will not be read.
Introduce --start-pos to allow starting downloads from a specified
position.
Fix a problem with ISA Server Proxy and keep-alive connections.