Hi, due to some privacy issues in default settings of Wget, we introduce this bugfix release.

The --xattr option (saving original URL and Referer into extended file attributes) was introduced and enabled by default since Wget 1.19. It possibly saved - possibly unrecognized by the user - credentials, access tokens etc. that were included in the requested URL.

We changed three details as a countermeasure, see below in the NEWS section.

With Best Regards, Tim

Here are the compressed sources and a GPG detached signature[*]:
  https://ftp.gnu.org/gnu/wget/wget-1.20.1.tar.gz
  https://ftp.gnu.org/gnu/wget/wget-1.20.1.tar.gz.sig

Use a mirror for higher download bandwidth:
  https://ftpmirror.gnu.org/wget/wget-1.20.1.tar.gz
  https://ftpmirror.gnu.org/wget/wget-1.20.1.tar.gz.sig

Here are the MD5 and SHA1 checksums:

  f6ebe9c7b375fc9832fb1b2028271fb7  wget-1.20.1.tar.gz
  4b1ade04ee7ff30181357e0c66b5ac74e39f79b3  wget-1.20.1.tar.gz

[*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this:

  gpg --verify wget-1.20.1.tar.gz.sig

If that command fails because you don't have the required public key, then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 0x08302DB6A2670428

and rerun the 'gpg --verify' command.

NEWS

* Changes in Wget 1.20.1

** --xattr is no longer default since it introduces privacy issues.

** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment are no longer saved to prevent privacy issues.

** --xattr saves the Original URL without user/password to prevent privacy issues.
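For files already downloaded with Wget 1.19 or 1.20 under the old default, the following added example (not part of the announcement or of Wget's code) audits a directory tree for stored URLs that carry more than the 1.20.1 NEWS entries allow, and shows the equivalent scrubbing. The attribute names user.xdg.origin.url and user.xdg.referrer.url are an assumption, since the announcement does not name them, and all function names are hypothetical.

```python
import os
from urllib.parse import urlsplit, urlunsplit

# Attribute names assumed here (the announcement does not name them).
ORIGIN_ATTR = "user.xdg.origin.url"
REFERRER_ATTR = "user.xdg.referrer.url"


def _hostport(p):
    """host[:port] with any user:password@ prefix dropped."""
    host = f"[{p.hostname}]" if ":" in (p.hostname or "") else (p.hostname or "")
    return f"{host}:{p.port}" if p.port else host


def scrub_origin(url):
    """Original URL without user/password, as the 1.20.1 NEWS describes."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _hostport(p), p.path, p.query, p.fragment))


def scrub_referrer(url):
    """Referer cut down to scheme/host/port, as the 1.20.1 NEWS describes."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _hostport(p), "", "", ""))


def leaked_parts(attr, value):
    """Name the URL components in a stored value that 1.20.1 would not save."""
    p = urlsplit(value)
    found = ["user/password"] if (p.username or p.password) else []
    if attr == REFERRER_ATTR:
        found += [n for n, v in (("path", p.path.strip("/")),
                                 ("query", p.query),
                                 ("fragment", p.fragment)) if v]
    return found


def audit_tree(root):
    """Yield (path, attr, leaked_parts) for files written with the old defaults."""
    if not hasattr(os, "getxattr"):  # os.getxattr is Linux-only
        return
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            for attr in (ORIGIN_ATTR, REFERRER_ATTR):
                try:
                    value = os.getxattr(path, attr).decode("utf-8", "replace")
                except OSError:  # attribute absent or xattrs unsupported
                    continue
                parts = leaked_parts(attr, value)
                if parts:
                    yield path, attr, parts
```

Going by the NEWS entry, the Original URL keeps its query string when --xattr is switched on explicitly, so a token passed as a query parameter is still written to the attribute.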