Links upstream just released version 2.14 which fixes some security issues.
Security bug fixed: Don't load or render the content of "407 Proxy Authentication Required" reply when using https proxy. This avoids the FalseCONNECT attack.
Limit keepalive of ciphers with 64-bit block size to mitigate the SWEET32 attack
Created links tracking bugs for this issue:
Affects: epel-all [bug 1417586]
Affects: fedora-all [bug 1417587]