Dear Users,

I have released version 4.42 of stunnel.  This is a security bugfix release.  Upgrade is highly recommended!

The ChangeLog entry:

Version 4.42, 2011.08.18, urgency: HIGH:
* New features
  - New verify level 0 to request and ignore peer certificate.  This
    feature is useful with the new Windows GUI menu to save cached peer
    certificate chains, as SSL client certificates are not sent by default.
  - Manual page has been updated.
  - Removed support for changing Windows Service name with "service" option.
* Bugfixes
  - Fixed a heap corruption vulnerability in versions 4.40 and 4.41.  It may
    possibly be leveraged to perform DoS or remote code execution attacks.
  - The -quiet commandline option was applied to *all* message boxes.
  - Silent install (/S option) no longer attempts to create stunnel.pem.

Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/

SHA-256 hash for stunnel-4.42.tar.gz:
d33c407bfc4f58070e818081bd082c38f91cab7691ccbb794da63143c535de3b

Best regards,
Mike