News

Irssi 1.0.4 Released

Posted on July 7th 2017

Irssi 1.0.4 has been released. This release fixes two remote crash issues in Irssi as well as a few bugs, correcting a mistake that was introduced in 1.0.3 while parsing some time-related settings. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Our bug reporter Brian ‘geeknik’ Carpenter writes:

34 days after reading Fuzzing Irssi, my AFL instance was finally able to trigger a null pointer dereference in irssi 1.0.2. […] Hopefully this one isn’t fixed yet.

35 days after reading Fuzzing Irssi, my AFL instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian 8 x64 following the instructions and patches of the referenced article. (;

For more information refer to the security advisory.

Thanks, Brian!

This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.

Irssi 1.0.3 Released

Posted on June 6th 2017

Irssi 1.0.3 has been released. This release fixes two remote crash issue in Irssi as well as a few bug fixes, the most notable that TLS can now be disabled from within the text-UI. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Read the security advisory.

Read more... the Irssi Team.

Fuzzing Irssi

Posted by Joseph Bisch on May 12th 2017

Hello fellow Irssi users and people interested in learning about fuzzing,

There have been recent efforts within the Irssi and open source security communities to make Irssi more secure through the use of fuzzing. For example the security bugs revealed in the first Irssi security advisory of 2017 were found by fuzzing. In this blog post, we will cover an introduction to fuzzing, how to fuzz Irssi, and a look at a couple of actual bugs found in past versions of Irssi.

Read more... the Irssi Team.

Help us test horizontal/vertical splits

Posted by Nei on May 6th 2017

It all started in 2005, when I asked in FS#310 whether vertical splits would be possible. By that, of course, I meant to split the windows horizontally in a line. At that time, the most popular version of Irssi had been 0.8.9 for several years.

Read more... the Irssi Team.

Poll: Non-UTF-8 discontinuation

Posted on March 12th 2017

Hello fellow Irssi users,

We are planning to remove 8-bit and Chinese support from Irssi.

Interaction with legacy IRC channels would still be provided through /recode, as it is currently.

However, Irssi would stop working on non-UTF-8 terminals (or at least appear heavily glitched)

If you have any helpful comments or concerns about this topic, please raise your voice either in the GitHub issue 671 or by writing an e-mail. We’re especially interested to learn about people who are still using the 8-bit support and why you would not be able to move to Unicode.

Thank you for your support,

The Irssi Team.

Irssi 1.0.2 Released

Posted on March 11th 2017

Irssi 1.0.2 has been released. This release fixes a remote crash issue in Irssi 1.0 as well as a few bug fixes, the most notable a regression that broke incoming DCC file transfers. There are no new features. All Irssi 1.0 users should upgrade to this version. See the NEWS for details.

Furthermore, we need to emphasise that in Irssi 1.0 up to and including 1.0.2, GRegex is not UTF-8 compliant. Enabling UTF-8 in GRegex while receiving arbitrary messages (i.e. invalid UTF-8, as happens frequently on IRC) would lead to memory issues and crashes, therefore it is currently operating in byte mode. You can either choose to revert to your system provided regex engine using --disable-gregex at ./configure time and hope that it does whatever you need, or join the discussion on issue #636 for how to best solve this problem, or apply the patch from PR#653 if you need proper Unicode-aware regexen in /hilight and /ignore as an intermediate solution.

Read the security advisory.

Read more... the Irssi Team.

Irssi 1.0.1 Released

Posted on February 5th 2017

Irssi 1.0.1 has been released. This release is our first bug fix release on the 1.0 branch. You won’t see new features on 1.0. Most importantly, a mistake that broke tab completion of settings and aliases has been corrected, as well as a memory leak during SASL found by Joseph Bisch. All users of 1.0.0 should upgrade to this version. See the NEWS for details.

Read more... the Irssi Team.

Irssi 1.0.0 Released

Posted on January 5th 2017

Irssi 1.0.0 has been released. This release contains many improvements. Irssi 1.0.0 includes contributions by Lukas Mai, Xavier G, Kenny Root, Jari Matilainen, Todd A. Pratt, Manish Goregaokar, B. Thibault, Joseph Bisch, Will Storey, Lauri Tirkkonen, Lauri Nurmi, Tom Feist, Thomas Samson, Dennis Schagt, Mantas Mikulėnas and François Revol. In total, 132 files changed, 3434 lines were added and 3202 lines deleted and TheLemonMan officially joined the staff. Thanks everyone! See the NEWS for details.

This release also includes the security fixes from 0.8.21, which was published at the same time as 1.0.0. Please read the 0.8.21 release notes and the security advisory.

Some hi(gh)lights:

  • irssiproxy can now forward all tags through a single port. By Lukas Mai
  • the kill buffer now remembers consecutive kills. New bindings were added: yank_next_cutbuffer and append_next_kill. By Todd A. Pratt
  • autolog_ignore_targets and activity_hide_targets learn a new syntax tag/* and * to ignore whole networks or everything. By Jari Matilainen
  • hilight got a -matchcase flag to hilight case sensitively. By Thibault B
  • Display TLS connection information upon connect. You can disable this by setting tls_verbose_connect to FALSE
  • Certificate pinning for TLS certificates
  • /names and $[…] now uses utf8 string operations. By Xavier G.
  • New setting completion_nicks_match_case
  • /channel /server /network now support modify subcommand. By Jari Matilainen
  • New option sasl_disconnect_on_failure to disconnect when SASL log-in failed

Read more... the Irssi Team.