Noteworthy changes in version 2.2.12

• tools: New commands --install-key and --remove-key for gpg-wks-client. This allows to prepare a Web Key Directory on a local file system for later upload to a web server.

• gpg: New --list-option "show-only-fpr-mbox". This makes the use of the new gpg-wks-client --install-key command easier on Windows.

• gpg: Improve processing speed when --skip-verify is used.

• gpg: Fix a bug where a LF was accidentally written to the console.

• gpg: --card-status now shwos whether a card has the new KDF feature enabled.

• agent: New runtime option --s2k-calibration=MSEC. New configure option --with-agent-s2k-calibration=MSEC. [https://dev.gnupg.org/T3399]

• dirmngr: Try another keyserver from the pool on receiving a 502, 503, or 504 error. [https://dev.gnupg.org/T4175]

• dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP query will not anymore follow a 3xx redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept.

• dirmngr: New command FLUSHCRL to flush all CRLS from disk and memory. [https://dev.gnupg.org/T3967]

• New simplified Chinese translation (zh_CN).

  Release-info: https://dev.gnupg.org/T4289

Noteworthy changes in version 2.2.11

• gpgsm: Fix CRL loading when intermediate certicates are not yet trusted.

• gpgsm: Fix an error message about the digest algo. [#4219]

• gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9. [#4014]

• gpg: Print the "data source" even for an unsuccessful keyserver query.

• gpg: Do not store the TOFU trust model in the trustdb. This allows to enable or disable a TOFO model without triggering a trustdb rebuild. [#4134]

• scd: Fix cases of "Bad PIN" after using "forcesig". [#4177]

• agent: Fix possible hang in the ssh handler. [#4221]

• dirmngr: Tack the unmodified mail address to a WKD request. See commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.

• dirmngr: Tweak diagnostic about missing LDAP server file.

• dirmngr: In verbose mode print the OCSP responder id.

• dirmngr: Fix parsing of the LDAP port. [#4230]

• wks: Add option --directory/-C to the server. Always build the server on Unix systems.

• wks: Add option --with-colons to the client. Support sites which use the policy file instead of the submission-address file.

• Fix EBADF when gpg et al. are called by broken CGI scripts.

• Fix some minor memory leaks and bugs.

  Release-info: https://dev.gnupg.org/T4233