Current Development Release
The current development release of sudo is
are also available for the development releases.
For full details see the ChangeLog
file or view the commit history in
If you plan to use a development release of sudo, please subscribe
to the sudo-workers mailing list so
that you will receive updates on bug fixes and related announcements.
You may also be interested in the
sudo-commits mailing list which
receives a message for each commit to the sudo source tree.
Major changes between version 1.9.7rc2 and 1.9.7rc1:
- Fixed a regression introduced in sudo 1.9.7b1 where suspending
a command while logging to sudo_logsrvd would
result in an error.
- Fixed a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument like SIGTSTP.
Major changes between version 1.9.7rc1 and 1.9.7b2:
- The configure script now outputs a summary of the user-configurable
options at the end, separate from output of configure script tests.
- Corrected the description of which groups may be specified via the
-g option in the Runas_Spec section.
- Updated translations from
Major changes between version 1.9.7b2 and 1.9.7b1:
- Fixed a bug that prevented the log_server_verify sudoers
option from taking effect.
- The sudo_sendlog utility has a new -s option
to cause it to stop sending I/O records after a user-specified elapsed
time. This can be used to test the I/O log restart functionality
- Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
attempting to restart an interrupted I/O log transfer.
- The TLS connection timeout in the sudoers log client was previously
hard-coded to 10 seconds. It now uses the value of
- Updated translations from
Major changes between version 1.9.7b1 and 1.9.6p1:
- The fuzz Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable).
This makes it easier to run the fuzzers in-tree. To run a fuzzer
indefinitely, set FUZZ_RUNS=-1, e.g. make FUZZ_RUNS=-1 fuzz.
- Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
- Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least).
- Fixed a bug introduced in sudo 1.9.6 that caused sudo -V to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation.
GitHub Issue #95.
- Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid.
- Fixed a compilation error when sudo is configured with the
- Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented.
- Sudo now requires autoconf 2.70 or higher to regenerate the
- sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the store_first setting is enabled,
the log will be stored locally until the command completes and
- Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
--disable-log-client and --disable-log-server
configure options are specified.
- Fixed configure's Python version detection when the version minor
number is more than a single digit, for example Python 3.10.
- The sudo Python module tests now pass for Python 3.10.
- Sudo will now avoid changing the datasize resource limit
as long as the existing value is at least 1GB. This works around
a problem on 64-bit HP-UX where it is not possible to exactly
restore the original datasize limit.
- Fixed a race condition that could result in a hang when sudo is
executed by a process where the SIGCHLD handler is set to SIG_IGN.
This fixes the bug described by GitHub PR #98.
- Fixed an out-of-bounds read in sudoedit and visudo when the
EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
unescaped backslash. Also fixed the handling of quote characters
that are escaped by a backslash.
GitHub Issue #99.