An update of #gpg4win has been released: Version 5.0.2. See https://gpg4win.org

An update to this version is recommended due to the following security fixes:

- A security bug in GpgOL has been fixed which could result in no warning shown to the user when a signed mail contained a not signed attachment after a signed one. (T8110)

- The libpng component has been updated to version 1.6.55 to fix a security issue (CVE-2026-25646). This is only exploitable in our software if a mail is opened via Kleopatra.

Unfortunately we have to announce a #gnupg #security #advisory:
Please update to GnuPG to the new 2.5.17 or #gpg4win to 5.0.1

The details are here:
https://lists.gnupg.org/pipermail/gnupg-announce/2026q1/000501.html

Alright, #gpg4win version 5 has just been released. Leap to https://www.gpg4win.org .

The "What's new" page is a bit crude right now and the release notes need to be adjusted to the used CSS, but except for these website things, its ready. Of course it is not bug free but it is better to start using it than to use an old version which will reach end-of-life in half a year.

Kudos to all the testers and bug reporters; you did a great job.

Eines meiner #Projekte2026 😉

Standard Mails sind genauso "sicher" wie Postkarten - jeder könnte mitlesen, vertrauliche Daten liegen *unter Umständen* offen auf fremden Servern ...
Das muss aber nicht so sein. Und wenn es nur darum geht zu erkennen, ob die Mail wirklich aus der Quelle kommt, die behauptet der Absender zu sein.

Lasst uns Mails sicherer machen und aktiv #OpenPGP nutzen!

#Mailsicherheit #Verschluesselung #GPG4Win #OpenKeyChain #GnuPG

Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:

* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)

Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.

(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)

#EndtoEndCrypto #LibrePGP #GnuPG #Security

A new beta of #gpg4win 5 is now available:

https://www.gpg4win.org/version5.html

This one comes with #gnupg 2.5.16 and can be considered as a release candidate.

We getting closer to a #gpg4win 5 release. 😀 Here is a new Beta version:

https://files.gpg4win.org/Beta/gpg4win-5.0.0-beta369/gpg4win-5.0.0-beta369.exe

featuring #kleopatra and #okular updates and comes of course with the fresh #GnuPG version 2.5.12

И еще один приколь вылез, когда хотел изменения в git закоммитить.

В конфиге репозитория программа и ключ прописаны, а программы самой нет. В итоге нашёл, как сделать GPG4Win портативным, чтобы ключи тоже хранились в переносном каталоге.

https://wiki.gnupg.org/Gpg4win/PortableVersion

Сначала попробовал просто установщик распаковать, но оно не работало. Попробовал установить и скопировать по пунктам, итоге заработало. Скорее всего где-то порядок напутал.

Gitk и git gui помогли отправить изменения на сервер. Через CLI как-то разбираться не хотелось, а тут всё как надо сработало с подписью, комментариями и фильтрами.

#soft #gpg #gpg4win #git

#GnuPG 2.5.9 has been released along with a new #Gpg4win beta. And - for the first time - we now publish packages for #Debian, #Devuan, and #Ubuntu .

See https://lists.gnupg.org/pipermail/gnupg-announce/2025q3/000495.html