summaryrefslogtreecommitdiffstats
path: root/security/nss/doc/rst/releases/nss_3_98.rst
blob: 4a4a415a121fd92443aa20b40e6a09145a17612c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
.. _mozilla_projects_nss_nss_3_98_release_notes:

NSS 3.98 release notes
========================

`Introduction <#introduction>`__
--------------------------------

.. container::

   Network Security Services (NSS) 3.98 was released on *15th February 2024**.

`Distribution Information <#distribution_information>`__
--------------------------------------------------------

.. container::

   The HG tag is NSS_3_98_RTM. NSS 3.98 requires NSPR 4.35 or newer.

   NSS 3.98 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   -  Source tarballs:
      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_98_RTM/src/

   Other releases are available :ref:`mozilla_projects_nss_releases`.

.. _changes_in_nss_3.98:

`Changes in NSS 3.98 <#changes_in_nss_3.98>`__
------------------------------------------------------------------

.. container::

  - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS.
  - Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised.
  - Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha.
  - Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA.
  - Bug 1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`.
  - Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression.
  - Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation.
  - Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests.
  - Bug 1870673 - Set nssckbi version number to 2.66.
  - Bug 1874017 - Add Telekom Security roots.
  - Bug 1873095 - Add D-Trust 2022 S/MIME roots.
  - Bug 1865450 - Remove expired Security Communication RootCA1 root.
  - Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys.
  - Bug 1876800 - remove unmaintained tls-interop tests.
  - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags.
  - Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations.
  - Bug 1874937 - bogo: adjust expectation for a key usage bit test.
  - Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names.
  - Bug 1841029 - Fix selfserv not stripping `publicname:` from -X value.
  - Bug 1876390 - take ownership of ecckilla shims.
  - Bug 1874458 - add valgrind annotations to freebl/ec.c.
  - Bug  864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip.
  - Bug 1875965 - Update zlib to 1.3.1.

`Compatibility <#compatibility>`__
----------------------------------

.. container::

   NSS 3.98 shared libraries are backwards-compatible with all older NSS 3.x shared
   libraries. A program linked with older NSS 3.x shared libraries will work with
   this new version of the shared libraries without recompiling or
   relinking. Furthermore, applications that restrict their use of NSS APIs to the
   functions listed in NSS Public Functions will remain compatible with future
   versions of the NSS shared libraries.

`Feedback <#feedback>`__
------------------------

.. container::

   Bugs discovered should be reported by filing a bug report on
   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).