diff options
Diffstat (limited to 'security/nss/doc/rst/releases/nss_3_98.rst')
-rw-r--r-- | security/nss/doc/rst/releases/nss_3_98.rst | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/security/nss/doc/rst/releases/nss_3_98.rst b/security/nss/doc/rst/releases/nss_3_98.rst new file mode 100644 index 0000000000..4a4a415a12 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_98.rst @@ -0,0 +1,76 @@ +.. _mozilla_projects_nss_nss_3_98_release_notes: + +NSS 3.98 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.98 was released on *15th February 2024**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_98_RTM. NSS 3.98 requires NSPR 4.35 or newer. + + NSS 3.98 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_98_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.98: + +`Changes in NSS 3.98 <#changes_in_nss_3.98>`__ +------------------------------------------------------------------ + +.. container:: + + - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. + - Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised. + - Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha. + - Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA. + - Bug 1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`. + - Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression. + - Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation. + - Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests. + - Bug 1870673 - Set nssckbi version number to 2.66. + - Bug 1874017 - Add Telekom Security roots. + - Bug 1873095 - Add D-Trust 2022 S/MIME roots. + - Bug 1865450 - Remove expired Security Communication RootCA1 root. + - Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys. + - Bug 1876800 - remove unmaintained tls-interop tests. + - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags. + - Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations. + - Bug 1874937 - bogo: adjust expectation for a key usage bit test. + - Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names. + - Bug 1841029 - Fix selfserv not stripping `publicname:` from -X value. + - Bug 1876390 - take ownership of ecckilla shims. + - Bug 1874458 - add valgrind annotations to freebl/ec.c. + - Bug 864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip. + - Bug 1875965 - Update zlib to 1.3.1. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.98 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). |