Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicruhxay5gcietjh6w4ztmkpqr3d5ocqmueq4dl6r2mnbakmv24xe",
    "uri": "at://did:plc:iuoqosr26amzfcpxojzct3gx/app.bsky.feed.post/3mk2iozqvl2o2"
  },
  "path": "/news/?id=10885",
  "publishedAt": "2026-04-22T02:55:27.054Z",
  "site": "https://savannah.gnu.org",
  "textContent": "\n\n\n> This is to announce sed-4.10, a stable release.\n>\n>  It's been more than 3.5 years and quite a few new bug fixes.\n>  Special thanks to Paul Eggert, Bruno Haible and Collin Funk\n>  for all their help, and especially to Bruno for all the gnulib\n>  support and thorough and indefatigable testing and analysis.\n>\n>  There have been 92 commits by 9 people in the 180 weeks since 4.9.\n>\n>  See the NEWS below for a brief summary.\n>\n>  Thanks to everyone who has contributed!\n>  The following people contributed changes to this release:\n>\n>  Arkadiusz Drabczyk (2)\n>  Ash Roberts (1)\n>  Brun Haible (1)\n>  Bruno Haible (5)\n>  Collin Funk (5)\n>  Hans Ginzel (1)\n>  Jim Meyering (60)\n>  Paul Eggert (16)\n>  Weixie Cui (1)\n>\n>  Jim\n>  [on behalf of the sed maintainers]\n>  ==================================================================\n>\n>  Here is the GNU sed home page:\n>  https://gnu.org/s/sed/\n>\n>  Here are the compressed sources:\n>  https://ftp.gnu.org/gnu/sed/sed-4.10.tar.gz (2.7MB)\n>  https://ftp.gnu.org/gnu/sed/sed-4.10.tar.xz (1.7MB)\n>\n>  Here are the GPG detached signatures:\n>  https://ftp.gnu.org/gnu/sed/sed-4.10.tar.gz.sig\n>  https://ftp.gnu.org/gnu/sed/sed-4.10.tar.xz.sig\n>\n>  Use a mirror for higher download bandwidth:\n>  https://www.gnu.org/order/ftp.html\n>\n>  Here are the SHA256 and SHA3-256 checksums:\n>\n>  SHA256 (sed-4.10.tar.gz) = TRef+vkuxNzsVB98Ayvhw7mhhW9JcK25WlBSIXAvUnc=\n>  SHA3-256 (sed-4.10.tar.gz) = ftB7Hf2uN4RnayBEgasV7KmqZqCxBUj7e+Am6WDaiKk=\n>  SHA256 (sed-4.10.tar.xz) = uOchgrLslqNXTimYxHt6qmTMIM4ADY6awxPMB87PKMc=\n>  SHA3-256 (sed-4.10.tar.xz) = bVWJvXR28fvhgP1XTpej6t8V+Bh2YI1lL6aGBy1cG5c=\n>\n>  Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'\n>  from coreutils-9.2 or OpenBSD's cksum since 2007.\n>\n>  Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'\n>  from coreutils-9.8.\n>\n>  Use a .sig file to verify that the corresponding file (without the\n>  .sig suffix) is intact. First, be sure to download both the .sig file\n>  and the corresponding tarball. Then, run a command like this:\n>\n>  gpg --verify sed-4.10.tar.gz.sig\n>\n>  The signature should match the fingerprint of the following key:\n>\n>  pub rsa4096/0x7FD9FCCB000BEEEE 2010-06-14 [SCEA]\n>  Key fingerprint = 155D 3FC5 00C8 3448 6D1E EA67 7FD9 FCCB 000B EEEE\n>  uid [ unknown] Jim Meyering <jim@meyering.net>\n>  uid [ unknown] Jim Meyering <meyering@fb.com>\n>  uid [ unknown] Jim Meyering <meyering@gnu.org>\n>\n>  If that command fails because you don't have the required public key,\n>  or that public key has expired, try the following commands to retrieve\n>  or refresh it, and then rerun the 'gpg --verify' command.\n>\n>  gpg --locate-external-key jim@meyering.net\n>\n>  gpg --recv-keys 7FD9FCCB000BEEEE\n>\n>  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=sed&download=1' | gpg --import -\n>\n>  As a last resort to find the key, you can try the official GNU\n>  keyring:\n>\n>  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg\n>  gpg --keyring gnu-keyring.gpg --verify sed-4.10.tar.gz.sig\n>\n>  This release is based on the sed git repository, available as\n>\n>  git clone https://https.git.savannah.gnu.org/git/sed.git\n>\n>  with commit 89b7a2224d4faa9d8baf76094b1232ad1477ef3e tagged as v4.10.\n>\n>  For a summary of changes and contributors, see:\n>\n>  https://gitweb.git.savannah.gnu.org/gitweb/?p=sed.git;a=shortlog;h=v4.10\n>\n>  or run this command from a git-cloned sed directory:\n>  git shortlog v4.9..v4.10\n>\n>  This release was bootstrapped with the following tools:\n>  Autoconf 2.73.1-b400b\n>  Automake 1.18.1.91\n>  Gnulib 2026-04-19 15211966deb52d4cae425c655177a815a88d3fc0\n>\n>  NEWS\n>\n>  * Noteworthy changes in release 4.10 (2026-04-21) [stable]\n>\n>  ** Bug fixes\n>\n>  sed 's/a/b/g' (and other global substitutions) now works on input\n>  lines longer than 2GB. Previously, matches beyond the 2^31 byte offset\n>  would evoke a \"panic\" (exit 4).\n>  [bug present since the beginning]\n>\n>  'sed --follow-symlinks -i' no longer has a TOCTOU race that could let\n>  an attacker swap a symlink between resolution and open, causing sed to\n>  read attacker-chosen content and write it to the original target.\n>  [bug introduced in sed 4.1e]\n>\n>  sed no longer falsely matches when back-references are combined with\n>  optional groups (.?) and the $ anchor. For example, this no longer\n>  falsely matches the empty string at beginning of line:\n>  $ echo ab | sed -E 's/^(.?)(.?).?\\2\\1$/X/'\n>  Xab\n>  [bug present since \"the beginning\"]\n>\n>  In --posix mode, sed no longer mishandles backslash escapes (\\n,\n>  \\t, \\a, etc.) after a named character class like [[:alpha:]].\n>  For example, 's/^A\\n[[:alpha:]]\\n*/XXX/' would fail to match the\n>  trailing newline, treating \\n as a literal backslash and an 'n'\n>  rather than a newline. This happened when an earlier backslash\n>  escape in the same regex had already been converted, shifting the\n>  in-place normalization buffer.\n>  [bug introduced in sed 4.9]\n>\n>  sed --debug no longer crashes when a label (\":\") command is compiled\n>  before the --debug option is processed, e.g., sed -f<(...) --debug.\n>  [bug introduced in sed 4.7 with --debug]\n>\n>  sed no longer rejects the documented GNU extension 'a**' (equivalent\n>  to 'a*') in Basic Regular Expression (BRE) mode. Previously, this\n>  worked only with -E (ERE mode), even though grep has always accepted\n>  it in BRE mode.\n>  [bug present since \"the beginning\"]\n>\n>  sed no longer rejects \"\\c[\" in regular expressions\n>  [bug present since the beginning]\n>\n>  'sed --follow-symlinks -i' no longer mishandles an operand that is a\n>  short symbolic link to a long symbolic link to a file.\n>  [bug introduced in sed 4.9]\n>\n>  Fix some some longstanding but unlikely integer overflows.\n>  Internally, 'sed' now more often prefers signed integer arithmetic,\n>  which can be checked automatically via 'gcc -fsanitize=undefined'.\n>\n>  ** Changes in behavior\n>\n>  In the default C locale, diagnostics now quote 'like this' (with\n>  apostrophes) instead of `like this' (with a grave accent and an\n>  apostrophe). This tracks the GNU coding standards.\n>\n>  'sed --posix' now warns about uses of backslashes in the 's' command\n>  that are handled by GNU sed but are not portable to other\n>  implementations.\n>\n>  ** Build-related\n>\n>  builds no longer fail on platforms without the <getopt.h> header or\n>  getopt_long function.\n>  [bug introduced in sed 4.9]\n>\n\n\n",
  "title": "sed-4.10 released [stable]",
  "updatedAt": "2026-04-22T02:00:45.000Z"
}