From 5.57 NEWS:
The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes)."
From 5.58 NEWS:
The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein).
Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov)."
(In reply to Sam James from comment #0)
> From 5.58 NEWS:
> "Security bugfixes
> The "redirect" option was fixed to properly handle unauthenticated requests
> (thx to Martin Stein).
I believe this is CVE-2021-20230.
FYI: I bumped after speaking to blueness to 5.58.
(In reply to Conrad Kostecki from comment #2)
> FYI: I bumped after speaking to blueness to 5.58.
Thanks! Please proceed with stabilization when ready.
all arches done
cleanup of vulnerable version done