Release notes for NSS 3.78

2 files changed, 75 insertions, 25 deletions

diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst
index 5a23443ab..c90c3f139 100644
--- a/doc/rst/releases/index.rst
+++ b/doc/rst/releases/index.rst
@@ -8,6 +8,7 @@ Releases
    :glob:
    :hidden:
 
+   nns_3_78.rst
    nns_3_77.rst
    nns_3_76_1.rst
    nns_3_76.rst
@@ -32,8 +33,8 @@ Releases
 
 .. note::
 
-   **NSS 3.77** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_77_release_notes`
+   **NSS 3.78** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_78_release_notes`
 
    **NSS 3.68.3** is the latest LTS version of NSS.
    Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_3_release_notes`
@@ -41,28 +42,13 @@ Releases
 
 .. container::
 
-   Changes in 3.77 included in this release:
+   Changes in 3.78 included in this release:
 
-   - Bug 1762244 - resolve mpitests build failure on Windows.
-   - Bug 1761779 - Fix link to TLS page on wireshark wiki
-   - Bug 1754890 - Add two D-TRUST 2020 root certificates.
-   - Bug 1751298 - Add Telia Root CA v2 root certificate.
-   - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt.
-   - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
-   - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
-   - Bug 1756271 - Remove token member from NSSSlot struct.
-   - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
-   - Bug 1757279 - Support UTF-8 library path in the module spec string.
-   - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
-   - Bug 1760827 - Add a CI Target for gcc-11.
-   - Bug 1760828 - Change to makefiles for gcc-4.8.
-   - Bug 1741688 - Update googletest to 1.11.0
-   - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API.
-   - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
-   - Bug 1755904 - Fix calculation of ECH HRR Transcript.
-   - Bug 1758741 - Allow ld path to be set as environment variable.
-   - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests.
-   - Bug 1758478 - Fix DataBuffer Move Assignment.
-   - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
-   - Bug 1755092 - rework signature verification in mozilla::pkix
+   - Bug 1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
+   - Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
+   - Bug 1763120 - Add ECH Grease Support to tstclnt
+   - Bug 1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
+   - Bug 1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
+   - Bug 1760813 - Make SEC_PKCS12EnableCipher succeed 
+   - Bug 1762489 - Update zlib in NSS to 1.2.12.
 
diff --git a/doc/rst/releases/nss_3_78.rst b/doc/rst/releases/nss_3_78.rst
new file mode 100644
index 000000000..5b6e1ddea
--- /dev/null
+++ b/doc/rst/releases/nss_3_78.rst
@@ -0,0 +1,64 @@
+.. _mozilla_projects_nss_nss_3_78_release_notes:
+
+NSS 3.78 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.78 was released on **28 April 2022**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_78_RTM. NSS 3.78 requires NSPR 4.32 or newer.
+
+   NSS 3.78 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_78_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.78:
+
+`Changes in NSS 3.78 <#changes_in_nss_3.78>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
+   - Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
+   - Bug 1763120 - Add ECH Grease Support to tstclnt
+   - Bug 1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
+   - Bug 1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
+   - Bug 1760813 - Make SEC_PKCS12EnableCipher succeed 
+   - Bug 1762489 - Update zlib in NSS to 1.2.12.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.78 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).