I have just released rsync 3.4.3 which fixes 6 CVEs. The release was coordinated with distros, so vendors should have security updates out shortly. For details of the CVEs see: https://download.samba.org/pub/rsync/NEWS.html Many thanks to the security researchers who reported the issues and worked with me on getting the fixes out. Cheers, Tridge