diff options
Diffstat (limited to 'security/nss/doc/rst/legacy/nss_releases/nss_3.16.4_release_notes/index.rst')
-rw-r--r-- | security/nss/doc/rst/legacy/nss_releases/nss_3.16.4_release_notes/index.rst | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/security/nss/doc/rst/legacy/nss_releases/nss_3.16.4_release_notes/index.rst b/security/nss/doc/rst/legacy/nss_releases/nss_3.16.4_release_notes/index.rst new file mode 100644 index 0000000000..697966fbab --- /dev/null +++ b/security/nss/doc/rst/legacy/nss_releases/nss_3.16.4_release_notes/index.rst @@ -0,0 +1,75 @@ +.. _mozilla_projects_nss_nss_3_16_4_release_notes: + +NSS 3.16.4 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.16.4 is a patch release for NSS 3.16. The bug fixes in NSS + 3.16.4 are described in the "Bugs Fixed" section below. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_16_4_RTM. NSS 3.16.4 requires NSPR 4.10.6 or newer. + + NSS 3.16.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_4_RTM/src/ + +.. _new_in_nss_3.16.4: + +`New in NSS 3.16.4 <#new_in_nss_3.16.4>`__ +------------------------------------------ + +.. container:: + + This release consists primarily of CA certificate changes as listed below, and includes a small + number of bug fixes. + +.. _notable_changes_in_nss_3.16.4: + +`Notable Changes in NSS 3.16.4 <#notable_changes_in_nss_3.16.4>`__ +------------------------------------------------------------------ + +.. container:: + + - The following **1024-bit** root CA certificate was **restored** to allow more time to develop + a better transition strategy for affected sites. It was removed in + :ref:`mozilla_projects_nss_nss_3_16_3_release_notes`, but discussion in the + mozilla.dev.security.policy forum led to the decision to keep this root included longer in + order to give website administrators more time to update their web servers. + + - CN = GTE CyberTrust Global Root + + - SHA1 Fingerprint: 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74 + + - In :ref:`mozilla_projects_nss_nss_3_16_3_release_notes`, the **1024-bit** "Entrust.net Secure + Server Certification Authority" root CA certificate (SHA1 Fingerprint: + 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39) was removed. In NSS 3.16.4, a + **2048-bit** intermediate CA certificate has been included, without explicit trust. The + intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root + certificate, because many public Internet sites still use the "USERTrust Legacy Secure Server + CA" intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The + inclusion of the intermediate certificate is a temporary measure to allow those sites to + function, by allowing them to find a trust path to another **2048-bit** root CA certificate. + The temporarily included intermediate certificate expires November 1, 2015. + +.. _bugs_fixed_in_nss_3.16.4: + +`Bugs fixed in NSS 3.16.4 <#bugs_fixed_in_nss_3.16.4>`__ +-------------------------------------------------------- + +.. container:: + + This Bugzilla query returns all the bugs fixed in NSS 3.16.4: + + https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.16.4
\ No newline at end of file |