|
3 | 3 | Note: This file refers to the official packages. Things described here may |
4 | 4 | differ slightly from third-party binary packages. |
5 | 5 |
|
| 6 | +## 1.5.2 |
| 7 | + |
| 8 | +ClamAV 1.5.2 is a patch release with the following fixes: |
| 9 | + |
| 10 | +- [CVE-2026-20031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031): |
| 11 | + Fixed an error handling bug in the HTML file parser that may crash the program |
| 12 | + and cause a denial-of-service (DoS) condition. |
| 13 | + |
| 14 | + This issue was introduced in version 1.1.0. |
| 15 | + The fix is included in 1.5.2 and 1.4.4. |
| 16 | + |
| 17 | +- Fixed a possible infinite loop when scanning some JPEG files by upgrading |
| 18 | + affected ClamAV dependency, a Rust image library. |
| 19 | + |
| 20 | + Unfortunately, this change requires a newer Rust compiler for ClamAV. |
| 21 | + The minimum Rust version for ClamAV 1.4.3 was 1.85.1. |
| 22 | + The minimum Rust version for ClamAV 1.4.4 is now 1.87.0. |
| 23 | + |
| 24 | +- Fixed a possible crash on Windows when scanning some files while using the |
| 25 | + `LeaveTemporaryFiles` and `TemporaryDirectory` features. |
| 26 | + |
| 27 | +- The CVD verification process will now ignore certificate files in the CVD |
| 28 | + certs directory when the user lacks read permissions. |
| 29 | + |
| 30 | +- Freshclam: Fixed CLD verification bug with `PrivateMirror` option. |
| 31 | + |
| 32 | +- Upgraded the Rust `bytes` dependency to a newer version to resolve the |
| 33 | + RUSTSEC-2026-0007 advisory. |
| 34 | + |
| 35 | +- Fixed a possible crash caused by invalid pointer alignment on some platforms. |
| 36 | + This fix is courtesy of Hsuan-Ming Chen at Synology PSIRT. |
| 37 | + |
6 | 38 | ## 1.5.1 |
7 | 39 |
|
8 | 40 | ClamAV 1.5.1 is a patch release with the following fixes: |
|
0 commit comments