On monday HydraIRC, calling itself “the professional client”, posted an announcement of a new version that has been released back in December on its website.
The announcement mentions a good reason for the update – security issues that also have plagued other clients as well, again in the form of malicious irc:// URLs which can lead to a crash of the client. The changelog calls the vulnerability a “remote DoS exploit” that is present in the “parsing code for long irc:// urls” but only when “hydrairc’s url handler is enabled.”
The posting states that to make the client crash you’d have to visit a website that contains the malicious irc:// link – so that’s one more reason to not just open any link you see being posted on IRC.
The real news, however, are below:
Hydra, the author of HydraIRC, says that “contrary to popular belief HydraIRC is NOT dead” and that he “and many other users still use it on a daily basis”. He also decided to open up the SVN repositories to the general public so “willing developers can get the source code without having to register with me first”.
Talking about the availability of the sourcecode he states that he’d “love to see what you come up with” and that “if you need inspiration check out TODO.TXT or come and talk to me in #HydraIRC on Efnet or Freenode”.
Closing the announcement he writes that the “HydraIRC source code is NOT GPL/BSD/OSI Approved and you MAY NOT use it for any purpose other than for helping to contribute to HydraIRC. Please read LICENSE.TXT for more information.”
The client can be downloaded from here.