1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
6 <!--#include virtual="header.html" -->
8 <H2 align="center">Welcome to the rsync web pages</H2>
10 rsync is an <A HREF="http://www.opensource.org/">open source</A>
11 utility that provides fast incremental file transfer. rsync is freely
12 available under the <A HREF="GPL.html">GNU General Public
15 <p><i>(If you're using a version of rsync older than 2.6.3, see below for some security advisories.)</i>
17 <h3>Rsync 2.6.6pre1 released</h3>
19 <p><i style="color:#777777">July 7th, 2005</i>
21 <p>Rsync version 2.6.6pre1 has been released. This release is a preliminary
22 release for trying out a zlib upgrade to version 1.2.2 plus a security fix for
23 the latest security problem found in zlib. I had originally thought that this
24 release was needed to fix a security problem in the zlib included in rsync, but
25 it turns out that zlib 1.1.4 (which is used in 2.6.5 and earlier) is not affected
26 by this latest zlib security problem.
28 <p>If you'd like to read about all the fixes that are in 2.6.6pre1, read the
29 <a href="http://rsync.samba.org/ftp/rsync/preview/NEWS">NEWS file</a>.
31 <p>You can download the pre-release version either as a tar file:
32 <b><a href="/ftp/rsync/preview/rsync-2.6.6pre1.tar.gz">rsync-2.6.6pre1.tar.gz</a>
33 (<a href="/ftp/rsync/preview/rsync-2.6.6pre1.tar.gz.asc">signature</a>),
34 </b>or a set of diffs based on 2.6.5:<b>
35 <a href="/ftp/rsync/preview/rsync-2.6.5-2.6.6pre1.diffs.gz">rsync-2.6.5-2.6.6pre1.diffs.gz</a>
36 (<a href="/ftp/rsync/preview/rsync-2.6.5-2.6.6pre1.diffs.gz.asc">signature</a>)</b>.
38 <h3>Rsync 2.6.5 released</h3>
40 <p><i style="color:#777777">June 1st, 2005</i>
42 <p>Rsync version 2.6.5 has been released. This release is primarily a bug-fix
43 release to squash some annoying problems that made it into the (feature-filled)
44 release of 2.6.4, plus a few minor enhancements.
46 <p>See the <a href="/ftp/rsync/NEWS">release NEWS</a> for the
47 details of what changed since 2.6.4, and the
48 <a href="/ftp/rsync/OLDNEWS">OLDNEWS file</a> for details of what changed
49 in prior versions. You can also read the man pages for
50 <a href="http://rsync.samba.org/ftp/rsync/rsync.html">rsync</a> and
51 <a href="http://rsync.samba.org/ftp/rsync/rsyncd.conf.html">rsyncd.conf</a>.
53 <p>See the <a href="download.html">download page</a> for all the ways
54 to grab the new version, or snag one of these:
55 <b><a href="/ftp/rsync/rsync-2.6.5.tar.gz">rsync-2.6.5.tar.gz</a>
56 (<a href="/ftp/rsync/rsync-2.6.5.tar.gz.asc">signature</a>),
57 <a href="/ftp/rsync/rsync-2.6.4-2.6.5.diffs.gz">rsync-2.6.4-2.6.5.diffs.gz</a>
58 (<a href="/ftp/rsync/rsync-2.6.4-2.6.5.diffs.gz.asc">signature</a>)</b>.
59 Note that the diffs do not contain updates for the "patches" dir -- grab the tar
60 file if you want the full release.
63 <h3>Rsync 2.6.4 released</h3>
65 <p><i style="color:#777777">March 30th, 2005</i>
67 <p>Rsync version 2.6.4 has been released. This release combines quite a
68 few new features, some improved delete efficiency, and the usual array of
71 <p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.4-NEWS">release NEWS</a> for the
72 details of what changed since 2.6.3.
75 <h3>Rsync 2.6.3 released</h3>
77 <p><i style="color:#777777">September 30th, 2004</i>
79 <p>Rsync version 2.6.3 has been released. It contains several new features
80 and quite a few bug fixes.
82 <p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.3-NEWS">release NEWS</a> for the
83 details of what changed since 2.6.2.
86 <a name="security_aug04"></a>
87 <h3 style="color:red">August 2004 Security Advisory</h3>
89 <p><i style="color:#777777">August 12th, 2004</i>
91 <p>There is a path-sanitizing bug that affects daemon-mode in
92 rsync versions through version 2.6.2, but only if chroot is disabled. It
93 does NOT affect the normal send/receive filenames that specify what
94 files should be transferred (this is because these names happen to get
95 sanitized twice, and thus the second call removes any lingering leading
96 slash(es) that the first call left behind). It does affect certain
97 option paths that cause auxilliary files to be read or written.
99 <p>This bug was fixed in version 2.6.3 of rsync.
101 <p>One potential fix that doesn't require recompiling rsync is to set
102 "use chroot = true" for all the modules in the rsyncd.conf file.
105 <h3>Rsync 2.6.2 released</h3>
107 <p><i style="color:#777777">April 30th, 2004</i>
109 <p>Rsync version 2.6.2 has been released. It is a bugfix release that mainly
110 fixes <b>a bug with the --relative option (-R) in 2.6.1</b>
111 that could cause files to be transferred incorrectly. This only affected a
112 source right at the root of the filesystem, such as "/" or "/*" (if you
113 first "cd /" and then copy from ".", it would not tickle the bug).
115 <p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.2-NEWS">release NEWS</a> for the
116 details of what else was fixed.
119 <h3>Rsync 2.6.1 released</h3>
121 <p><i style="color:#777777">April 26th, 2004</i>
123 <p>Rsync version 2.6.1 has been released. It is primarily a performance
124 release that requires less memory to run, makes fewer write calls to the socket
125 (lowering the system CPU time), does less string copying (lowering the user CPU
126 time), and also reduces the amount of data that is transmitted over the wire.
127 There have also been quite a few bug fixes. See the
128 <a href="/ftp/rsync/old-versions/rsync-2.6.1-NEWS">release NEWS</a> for the full
132 <a name="security_apr04"></a>
133 <h3 style="color:red">April 2004 Security Advisory</h3>
135 <p><i style="color:#777777">April 26th, 2004</i>
137 <p>There is a security problem in all versions prior to 2.6.1 that affects only
138 people running a read/write daemon WITHOUT using chroot. If the user privs
139 that such an rsync daemon is using is anything above "nobody", you are at risk
140 of someone crafting an attack that could write a file outside of the module's
141 "path" setting (where all its files should be stored). Please either enable
142 chroot or upgrade to 2.6.1. People not running a daemon, running a read-only
143 daemon, or running a chrooted daemon are totally unaffected.
146 <h3>One Cygwin hang-problem resolved</h3>
148 <p>The problem with rsync hanging at the end of the transfer on
149 <a href="http://www.cygwin.com/">Cygwin</a> had been previously traced to a
150 signal-handling bug in their compatibility DLL. This bug appears to now be
151 fixed in DLL version 1.5.7-1, and Cygwin users are reporting that upgrading the
152 DLL removes the hang-at-end-of-transfer problem for their existing rsync executable.
153 (Note that this doesn't solve a hang that some folks see in the middle of a
154 transfer -- using daemon mode instead of ssh can work around that one.)
157 <a name="two_six"></a>
158 <h3>Rsync 2.6.0 released</h3>
160 <p><i style="color:#777777">January 1st, 2004</i>
162 <P> Two important things to note in the new release:
166 <li>The default remote shell is now "ssh" unless you tell configure you want to
167 make something else the default.
169 <li>Some bug fixes in the include/exclude code, while making things work
170 properly, have resulted in some user-visible changes for certain wildcard
171 strings. Read the BUG FIXES section in the
172 <a href="/ftp/rsync/old-versions/rsync-2.6.0-NEWS">NEWS file</a> to see if
173 any of these changes apply to you.
174 (Most people should be unaffected.)
178 <p>One other item of note is that the oft-requested option "--files-from" is now
179 available. This option lets you specify a list of files to transfer, and can
180 be much more efficient than a recursive descent using include/exclude
181 statements (if you know in advance what files you want to transfer). The list
182 of files can come from either side of the connection, so it is possible for a
183 server to provide the file-list that lets someone grab a server-specified set of
184 files, for example. See the <a href="/ftp/rsync/rsync.html">rsync man page</a>
187 <p>For a full list of changes in version 2.6.0, see the
188 <a href="/ftp/rsync/old-versions/rsync-2.6.0-NEWS">release NEWS</a>.
190 <a name="security_dec03"></a>
191 <h3 style="color:red">December 2003 Security Advisory</h3>
193 <p><i style="color:#777777">December 4th, 2003</i>
195 <p>Rsync version 2.5.6 and earlier contains a heap overflow vulnerability that
196 could be used to remotely run arbitrary code, but this only affects the use of
197 rsync as an "rsync daemon" (where rsync handles incoming socket connections,
198 typically on port 873).
200 <p>This bug was fixed in rsync 2.5.7.
202 <!--#include virtual="footer.html" -->