Hi,

we are releasing GIMP 2.8.18 with a number of bug fixes, including the fix for a vulnerability found in the XCF loading code:

CVE-2016-4994 Use-after-free vulnerability in the xcf_load_image function

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

This is a bugfix release in the stable 2.8 series, no new features were added.

For a complete list of changes since 2.8.16 please see the "Changes" section below. Also see the release notes of the 2.8 series at https://www.gimp.org/release-notes/gimp-2.8.html

Happy GIMPing, --Michael

Download
========

GIMP 2.8.18 is available from:

https://download.gimp.org/pub/gimp/v2.8/

and from the mirrors listed at:

https://www.gimp.org/downloads/#mirrors

Please use the torrent, it distributes the download bandwidth across all mirrors:

https://download.gimp.org/pub/gimp/v2.8/gimp-2.8.18.tar.bz2.torrent

The checksum of the tarball is:

5adaa11a68bc8a42bb2c778fee4d389c gimp-2.8.18.tar.bz2

Overview of Changes from GIMP 2.8.16 to GIMP 2.8.18 ===================================================

Core:

- Initialize fontconfig cache in separate thread to keep GUI responsive on first startup
- Properly recognize layer masks as deactivated, e.g. for moving layers - Create $XDG_DATA_HOME if it doesn't exist - (CVE-2016-4994) Multiple Use-After-Free when parsing XCF channel and layer properties
- Fix progress access to prevent crash on rapid sequence of commands - Fix crash in gimp-gradient-segment-range-move

GUI:

- Disable color picker buttons on OS X to prevent a GUI lockup - Disable "new-style" full-screen mode on OS X to prevent a crash - Pulsing progress bar in splash screen to indicate unknown durations - Fix gamut warning color for lcms display filter - Fix unbolding of bold font on edit - Prevent accidental renaming of wrong adjacent item

Installer:

- Change compression settings to decrease size by 20% - Add Catalan, Danish, French, Dutch

Plug-ins:

- Fix crash on sRGB JPEG image drag & drop - Fix ambiguous octal-escaped output of c-source - Fix KISS CEL export
- Fix progress bar for file-compressor - Make Script-Fu regex match return proper character indexes for Unicode characters
- Fix Script-Fu modulo for large numbers

General:

- Documentation updates - Bug fixes
- Translation updates

Contributors ============

Adrian Likins, Ell, Jehan, Jernej Simončič, João S. O. Bueno, Kristian Rietveld, Massimo Valentini, Michael Natterer, Michael Schumacher, Pedro Gimeno, Shmuel H, Simon Budig, Sven Claussner, Thomas Manni

Translators
===========

Alexandre Prokoudine, Anders Jonsson, Ask Hjorth Larsen, Balázs Úr, Baurzhan Muftakhidinov, Christian Kirbach, Cédric Valmary, Dimitris Spingos, Dimitris Spingos (Δημήτρης Σπίγγος), Dušan Kazik, Gábor Kelemen, Marco Ciampa, Mario Blättermann, Martin Srebotnjak, Piotr Drąg, Rafael Fontenelle, Sveinn í Felli, Tiago Santos, Милош Поповић,

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD