We are happy to announce Enigmail v2.1! New features in the release:

• A new simplified setup wizard will first try to find out if you already used encrypted emails before, and then proceed in the most suitable way.
• On Windows and macOS, there is an automatic check for updates to GnuPG.
• Autocrypt: implemented key-gossip and updates to known keys
• If GnuPG 2.1 or newer are used, then key creation will default to ECC keys
• Interaction with keyservers has been rewritten from scratch, using Thunderbird-internal functions to access the keyservers.
• Full support for keys.openpgp.org, which is used as default keyserver.

Recently, a severe vulnerability called "Efail" was detected that affects Thunderbird with S/MIME and Enigmail. The vulnerability is such that you could reveal decrypted message data to a malicious third party by just reading an email, without noticing it.

We have implemented fixed version of Enigmail that prevent from this vulnerability. We therefore recommend that you:

1. update to Enigmail 2.0.5 as soon as possible.
2. If you use S/MIME, view your messages as "Simple HTML". This will block sending anything unintentionally to an external server. To switch to the "Simple HTML" view, go to menu View > Message Body As > Simple HTML