[Gimp-developer] ANNOUNCE: GIMP 2.8.22 released


we are releasing GIMP 2.8.22 with various bug fixes.

All platforms will benefit from a change to the image window hierarchy
in single window mode, which improves painting performance when certain
GTK+ themes are used.

This version fixes an ancient CVE bug, CVE-2007-3126. Due to this bug,
the ICO file import plug-in could be crashed by specially crafted image
files. Our attempts to reproduce the bug failed with 2.8 and thus the
impact had likely been minimal for years, but now it is gone for good.

Users on the Apple macOS platforms will benefit from fixes for crashes
during drag&drop and copy&paste operations. On the Microsoft Windows
platforms, crashes encountered when using the color picker with special
multi-screen setups are gone, and picking the actual color instead of
black from anywhere on the screen should finally be possible.

For a complete list of changes since 2.8.20 please see the "Changes"
section below. Also see the release notes of the 2.8 series at

Happy GIMPing,


GIMP 2.8.22 is available from:


  and the mirrors listed in

Please use the torrents to distribute the download bandwidth across
many mirrors. You can also help seeding the packages this way.

Direct links to the download directories are available below, these are
set up to use a random mirror:


SHA1 checksums for the GIMP 2.8.22 downloads are as follows:

  c894a0d9a864d418bdbd30a22d698c731583e5c4  gimp-2.8.22.tar.bz2
  25c276d82da6b9bd07478f9d1d9bd4faccea9d4a  gimp-2.8.22-x86_64.dmg
  cf6fa10746a056ac728a83bd0121b83d645423de  gimp-2.8.22-setup.exe

Overview of Changes from GIMP 2.8.20 to GIMP 2.8.22


 - improve drawing performance in single window mode, especially with
   pixmap themes

macOS DMG:

 - Make the launcher script also set BABL_PATH
 - Add patch for GTK+ Bug 743717 to the build which concerns crashes
   during clipboard operations with a clipboard manager active
 - Add patch for GTK+ Bug 767091 to the build which concerns crashes
   on some drag & drop operations
 - generate OSX package metadata during build


 - Fix for CVE-2007-3126, a bug in the ICO plug-in which allowed
   context-dependent attackers to cause a denial of service (crash)
   via an ICO file with an InfoHeader containing a Height of zero.
   We couldn't reproduce any crash in recent version, but fixed the
   error messages for good measure
 - Avoid creating wrong layer group structure when importing PSD
   files (already fixed in 2.8.20, didn't make it to the NEWS)
 - Prevent a crash in PDF plug-in if images or resolution are large
 - stop parsing invalid PCX files early and prevent a segmentation fault


 - if NOCONFIGURE is set, autogen.sh won't run configure
 - VPATH builds for win32 targets have been fixed

Updated Translations:

 - Basque
 - Brazilian Portuguese
 - Catalan
 - Chinese (PRC)
 - Finnish
 - Greek
 - Hungarian
 - Italian
 - Kazakh
 - Norwegian
 - Polish
 - Slovenian
 - Spanish
 - Swedish


  Ell, Jehan, Kristian Rietveld, Marco Ciampa, Massimo Valentini,
  Michael Natterer, Michael Schumacher, Tobias Stoeckmann, Éric Hoffman


  Anders Jonsson, Balázs Meskó, Baurzhan Muftakhidinov,
  Daniel Mustieles, Dimitris Spingos (Δημήτρης Σπίγγος), Fran Dieguez,
  Inaki Larranaga Murgoitio, Jeff Bai, Jiri Grönroos, Jordi Mas,
  Kjartan Maraas, Marco Ciampa, Martin Srebotnjak, Piotr Drąg,
  Rafael Fontenelle

GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]