Dear all,
Network Security Services (NSS) 3.69.1 was released on 26 August 2021. The HG tag is NSS_3_69_1_RTM. NSS 3.69.1 requires NSPR 4.32 or newer. NSS 3.69.1 source distributions are available on ftp.mozilla.org <http://ftp.mozilla.org/> for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_1_RTM/src/ <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_1_RTM/src/>> Bugs fixed: - Bug 1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default - Bug 1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.69.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries. Bugs discovered should be reported by filing a bug report at <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>> Release notes will be available at <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html>> though you should expect some delay. - - Additional information: - - NSS 3.69.1 is a dot release based on the content of Firefox 92. Due to some issues with the process for bringing NSS releases to Firefox, commits for 1722613 and 1720226 were absent from the Firefox 92 branch which was associated to NSS 3.69. Due to time constraints a decision was made to align the content of 3.69.1 with the Fx92 branch by backing out these changes instead of restoring these commits. Note that Bug 1720226 was also known to introduce a performance regression that has been fixed in the main/default branch of NSS (Bug 1726022). Since the change has been backed out in this release, 3.69.1 does not suffer from that performance regression. The fix is however not in 3.69 (which is affected) but will be in the 3.70 branch, which benefits from both the change and the fix for the regression. The NSS 3.70 release is on schedule and will happen on September 2nd. -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/74885451-4529-4995-A9CC-8FB959BC7258%40mozilla.com.
