News Archive

Irssi 1.0.5 Released

Posted on October 22^nd 2017

Irssi 1.0.5 has been released. This release fixes a few security issues in Irssi as well as a few bugs. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Most issues have been identified using fuzzing, thanks to Hanno Böck and Joseph Bisch. We expect Joseph will be able to tell you more about his newest fuzzer at freenode.live on the weekend!

For more information refer to the security advisory.

This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.

Irssi 1.0.4 Released

Posted on July 7^th 2017

Irssi 1.0.4 has been released. This release fixes two remote crash issues in Irssi as well as a few bugs, correcting a mistake that was introduced in 1.0.3 while parsing some time-related settings. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Our bug reporter Brian 'geeknik' Carpenter writes:

34 days after reading Fuzzing Irssi, my AFL instance was finally able to trigger a null pointer dereference in irssi 1.0.2. [...] Hopefully this one isn't fixed yet.

35 days after reading Fuzzing Irssi, my AFL instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian 8 x64 following the instructions and patches of the referenced article. (;

For more information refer to the security advisory.

Thanks, Brian!

This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.

Irssi 1.0.3 Released

Posted on June 6^th 2017

Irssi 1.0.3 has been released. This release fixes two remote crash issue in Irssi as well as a few bug fixes, the most notable that TLS can now be disabled from within the text-UI. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Read the security advisory.

Read more... the Irssi Team.

Fuzzing Irssi

Posted by Joseph Bisch on May 12^th 2017

Hello fellow Irssi users and people interested in learning about fuzzing,

There have been recent efforts within the Irssi and open source security communities to make Irssi more secure through the use of fuzzing. For example the security bugs revealed in the first Irssi security advisory of 2017 were found by fuzzing. In this blog post, we will cover an introduction to fuzzing, how to fuzz Irssi, and a look at a couple of actual bugs found in past versions of Irssi.

Read more... the Irssi Team.

Help us test horizontal/vertical splits

Posted by Nei on May 6^th 2017

It all started in 2005, when I asked in FS#310 whether vertical splits would be possible. By that, of course, I meant to split the windows horizontally in a line. At that time, the most popular version of Irssi had been 0.8.9 for several years.

Read more... the Irssi Team.

Poll: Non-UTF-8 discontinuation

Posted on March 12^th 2017

Hello fellow Irssi users,

We are planning to remove 8-bit and Chinese support from Irssi.

Interaction with legacy IRC channels would still be provided through /recode, as it is currently.

However, Irssi would stop working on non-UTF-8 terminals (or at least appear heavily glitched)

If you have any helpful comments or concerns about this topic, please raise your voice either in the GitHub issue 671 or by writing an e-mail. We're especially interested to learn about people who are still using the 8-bit support and why you would not be able to move to Unicode.

Thank you for your support,

The Irssi Team.

Irssi 1.0.2 Released

Posted on March 11^th 2017

Irssi 1.0.2 has been released. This release fixes a remote crash issue in Irssi 1.0 as well as a few bug fixes, the most notable a regression that broke incoming DCC file transfers. There are no new features. All Irssi 1.0 users should upgrade to this version. See the NEWS for details.

Furthermore, we need to emphasise that in Irssi 1.0 up to and including 1.0.2, GRegex is not UTF-8 compliant. Enabling UTF-8 in GRegex while receiving arbitrary messages (i.e. invalid UTF-8, as happens frequently on IRC) would lead to memory issues and crashes, therefore it is currently operating in byte mode. You can either choose to revert to your system provided regex engine using --disable-gregex at ./configure time and hope that it does whatever you need, or join the discussion on issue #636 for how to best solve this problem, or apply the patch from PR#653 if you need proper Unicode-aware regexen in /hilight and /ignore as an intermediate solution.

Read the security advisory.

Read more... the Irssi Team.

Irssi 1.0.1 Released

Posted on February 5^th 2017

Irssi 1.0.1 has been released. This release is our first bug fix release on the 1.0 branch. You won't see new features on 1.0. Most importantly, a mistake that broke tab completion of settings and aliases has been corrected, as well as a memory leak during SASL found by Joseph Bisch. All users of 1.0.0 should upgrade to this version. See the NEWS for details.

Read more... the Irssi Team.