blob: 697966fbab2aedab64eca77a4b96cdbad67d1d3d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
.. _mozilla_projects_nss_nss_3_16_4_release_notes:
NSS 3.16.4 release notes
========================
`Introduction <#introduction>`__
--------------------------------
.. container::
Network Security Services (NSS) 3.16.4 is a patch release for NSS 3.16. The bug fixes in NSS
3.16.4 are described in the "Bugs Fixed" section below.
.. _distribution_information:
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_16_4_RTM. NSS 3.16.4 requires NSPR 4.10.6 or newer.
NSS 3.16.4 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_4_RTM/src/
.. _new_in_nss_3.16.4:
`New in NSS 3.16.4 <#new_in_nss_3.16.4>`__
------------------------------------------
.. container::
This release consists primarily of CA certificate changes as listed below, and includes a small
number of bug fixes.
.. _notable_changes_in_nss_3.16.4:
`Notable Changes in NSS 3.16.4 <#notable_changes_in_nss_3.16.4>`__
------------------------------------------------------------------
.. container::
- The following **1024-bit** root CA certificate was **restored** to allow more time to develop
a better transition strategy for affected sites. It was removed in
:ref:`mozilla_projects_nss_nss_3_16_3_release_notes`, but discussion in the
mozilla.dev.security.policy forum led to the decision to keep this root included longer in
order to give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
- SHA1 Fingerprint: 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
- In :ref:`mozilla_projects_nss_nss_3_16_3_release_notes`, the **1024-bit** "Entrust.net Secure
Server Certification Authority" root CA certificate (SHA1 Fingerprint:
99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39) was removed. In NSS 3.16.4, a
**2048-bit** intermediate CA certificate has been included, without explicit trust. The
intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root
certificate, because many public Internet sites still use the "USERTrust Legacy Secure Server
CA" intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The
inclusion of the intermediate certificate is a temporary measure to allow those sites to
function, by allowing them to find a trust path to another **2048-bit** root CA certificate.
The temporarily included intermediate certificate expires November 1, 2015.
.. _bugs_fixed_in_nss_3.16.4:
`Bugs fixed in NSS 3.16.4 <#bugs_fixed_in_nss_3.16.4>`__
--------------------------------------------------------
.. container::
This Bugzilla query returns all the bugs fixed in NSS 3.16.4:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.16.4
|