ReleasesΒΆ

Note

NSS 3.98 is the latest version of NSS. Complete release notes are available here: NSS 3.98 release notes

NSS 3.90.2 (ESR) is the latest version of NSS. Complete release notes are available here: NSS 3.90.2 release notes

Changes in 3.98 included in this release:

  • Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS.

  • Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised.

  • Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha.

  • Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA.

  • Bug 1877344 - Replace distutils.spawn.find_executable with shutil.which within mach in nss.

  • Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression.

  • Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation.

  • Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests.

  • Bug 1870673 - Set nssckbi version number to 2.66.

  • Bug 1874017 - Add Telekom Security roots.

  • Bug 1873095 - Add D-Trust 2022 S/MIME roots.

  • Bug 1865450 - Remove expired Security Communication RootCA1 root.

  • Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys.

  • Bug 1876800 - remove unmaintained tls-interop tests.

  • Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags.

  • Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations.

  • Bug 1874937 - bogo: adjust expectation for a key usage bit test.

  • Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names.

  • Bug 1841029 - Fix selfserv not stripping publicname: from -X value.

  • Bug 1876390 - take ownership of ecckilla shims.

  • Bug 1874458 - add valgrind annotations to freebl/ec.c.

  • Bug 864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip.

  • Bug 1875965 - Update zlib to 1.3.1.