GnuPG VS-Desktop 3.3.1

GnuPG VS-Desktop® version 3.3.1 is available since 2025-04-16. This release fixes a few bugs and comes with a security fix for optional Okular component. The previous version was 3.3.0.

Notes to Admins

If you are using UNC paths and the workaround mentioned in the “Known Issues” section is not workable for you, please install version 3.3.2 instead of 3.3.1. This version will be released shortly.

A security bug has been found in the freetype library which is used by the included PDF viewer Okular. Okular is not installed by default; if it has been selected for installation an update to this version of GnuPG VS-Desktop is required to avoid attacks in PDF documents using rogue embedded fonts. (CVE-2025-27363)

Note that already with the previous version (3.3.0) X.509 root certificates configured in the local trustlist.txt file are not any longer used. To revert to the former behaviour the DisableUserTrustlist registry entry can be set to the value "0" (see Registry keys for S/MIME). For more information on the overall configuration of root certificates see the FAQ entry on S/MIME certificate trust.

Solved Bugs

GUI (Kleopatra)

  • Fix a regression in the gpgme library which showed the string "unknown" instead of "RSA NNNN". This fixes the known issue "Algorithm Display" from 3.3.0. (T7508)
  • Avoid lockups when migrating multiple user ID certifications to exportable state. (T7600)
  • Updated some filter item translations. (T7529)

Engine (GnuPG)

  • gpg: Fix a double free of internal data in –no-sig-cache mode. (T7547)
  • scdaemon: Fix possible lockup on Windows due to lost select results. (T2982)
  • Improve the code to handle very long file names on Windows. (rEa4a692fcf1)

Outlook Add-In (GgpOL)

  • Show signature status in ribbon for mails stored in files (.eml or .msg). (T6646)
  • Better distinguish level 3 signature security level from level 2 by using a double check mark in the icon. (T7079)
  • Consider the Policy Registry entry for ReadAsPlain first. This fixes the known issue "Group policy may not be taken into account" from 3.3.0. (T5681)
  • Allow the "Permanently decrypt" feature only after a successful decryption operation to avoid having unreadable mail on canceling the decryption. (T7485)
  • Fix a crash when cancelling an encrypted draft in certain cases. (T7590)

Known Issues

UNC path

Files accessed via a UNC path cannot be encrypted or decrypted. This results in the error message “System error w/o errno” when attempting to encrypt and “Decryption failed: No data.” when attempting to decrypt.

Workaround

Integrate the storage location via a drive letter.

Versions of the Components

Component Version Remarks
GnuPG 2.2.47  
Kleopatra 3.3.1  
GpgOL 2.6.0  
GpgEX 1.0.11  
Libgcrypt 1.8.11 T6335
Libksba 1.6.7 T7173

This page as PDF.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2025-04-16.