This update for fossil to version 2.4 fixes the following issues:

- CVE-2017-17459: Client-side code execution via crafted "ssh://" URLs (bsc#1071709)

The impact of this vulnerability is more limited than similar vectors fixed in other SCMs,
as there is no known way to mask the repository URL or otherwise trigger non-interactively.

This update also contains all bug fixes and improvements in the 2.4 release:

- URL Aliases
- tech-note search capability
- Various added command line options
- Annation depth is now configurable

The following legacy options are no longer available:

- --no-dir-symlinks option
- legacy configuration sync protocol