[Netatalk-admins] Netatalk 3.1.17 Released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Netatalk 3.1.17 has been tagged and released!

Tarballs and release notes are available on GitHub:
https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-1-17

This release includes a patch for a 0-day vulnerability in the Spotlight code of afpd: CVE-2023-42464
It is recommended to upgrade any production systems running netatalk3, in particular if you have Spotlight support enabled.

The CVE advisory hasn't been flagged as public on cve.org at the time of writing, yet, but the body of the advisory can be read in this issue ticket:
https://github.com/Netatalk/netatalk/issues/486

The other notable change in this release is that we now distribute xz compressed tarballs by default, in addition to bz2.
We no longer distribute gzip compressed tarballs.

On behalf of the Netatalk development team,
Daniel Markstedt