Skip to content

v1.7.1

Latest
Latest

Choose a tag to compare

View all tags
@kaukabrizvi kaukabrizvi released this 02 Mar 19:41
1.7.1
e82d625
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Summary:

  • Delete all code that references Kyber.
  • Fix the alignment used in the Rust bindings custom allocator to match the C malloc alignment contract.
  • s2n-tls now errors if a peer sent an ECDSA signature with a mislabeled curve.
  • each connection now uses 57 less bytes.
  • We would like to thank Joshua Rogers (https://joshua.hu/) of AISLE Research Team (https://aisle.com/) for reporting the following issues:
    • fix(bindings): use max_align_t for allocator alignment in #5745
    • fix(quic support): Wipe buffers after reading post-handshake message in #5750
    • fix(bindings): tie ClientHello lifetime to Fingerprint in #5747
    • fix: add bound check for Yc_length against server DH params in #5737
    • Memory overallocation in aws-kms-tls-auth, addressed in GHSA-5whh-4q9j-7v28

What's Changed

  • fix: restrict mldsa signatures based on certificate by @jmayclin in #5713
  • feat(bindings): expose signature scheme API by @jmayclin in #5708
  • build(deps): update crabgrind requirement from 0.1 to 0.2 in /tests/regression in the all-cargo-updates group across 1 directory by @dependabot[bot] in #5716
  • ci: fix typo in readme by @CarolYeh910 in #5718
  • feat(bindings): add support for metric aggregation by @jmayclin in #5709
  • fix: correct calculation of extensions bitfield size by @WesleyRosenblum in #5719
  • build(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5722
  • nix: Use rustup toolchain over nix packages rustc in devshell by @kaukabrizvi in #5712
  • Add X25519MLKEM768 benchmarks by @WillChilds-Klein in #5616
  • ci: temporary replace clang-format-action by @jouho in #5735
  • fix(benches): reduce flakiness in s2n-tls-bench daily job by @kaukabrizvi in #5728
  • chore: fix sidetrail timings by @maddeleine in #5729
  • ci: Add CI guardrail for BoringSSL fork by @kaukabrizvi in #5715
  • feat(metrics): add EMF emitter by @jmayclin in #5730
  • ci: fix fuzz failure artifact upload by @jouho in #5742
  • chore: unpin rtshark version by @jouho in #5743
  • ci: fix conventional commit check by @jouho in #5744
  • fix(bindings): tie ClientHello lifetime to Fingerprint by @WesleyRosenblum in #5747
  • fix: add bound check for Yc_length against server DH params by @CarolYeh910 in #5737
  • chore: unpin rust integration dependencies by @jouho in #5748
  • build(deps): bump actions/checkout from 4 to 6 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5746
  • fix: Add additional verification checks to ECDSA curves by @maddeleine in #5736
  • fix(bindings): use max_align_t for allocator alignment by @WesleyRosenblum in #5745
  • chore: Delete all code that references Kyber by @alexw91 in #5705
  • ci: revert clang-format workflow by @jouho in #5751
  • ci: trigger PR title check upon edit by @jouho in #5749
  • fix(quic support): Wipe buffers after reading post-handshake message by @maddeleine in #5750
  • refactor(integration): utilities module with cert materials by @jmayclin in #5753
  • build(deps): bump baptiste0928/cargo-install from 3.3.2 to 3.4.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5758
  • build(deps): update strum requirement from 0.27 to 0.28 in /bindings/rust/standard by @dependabot[bot] in #5759
  • test(integration): add coverage of error types for cert related failures by @jmayclin in #5755
  • refactor: Use strong libcrypto randomness instead of custom random by @kaukabrizvi in #5726
  • feat: add clearer errors for hostname, security policy failures by @jmayclin in #5761
  • docs: Add security reporting policy by @WesleyRosenblum in #5734
  • fix: rust alert getter should not modify by @lrstewart in #5756
  • Necessary changes were made in the s2n module to support AIX OS. by @patel-parth7 in #5724
  • fix: Use logical OR instead of bitwise OR by @maddeleine in #5763
  • build(deps): bump actions/upload-artifact from 6 to 7 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5764
  • revert: "fix: rust alert getter should not modify" by @kaukabrizvi in #5766

New Contributors

Full Changelog: v1.7.0...1.7.1

Contributors

WillChilds-Klein, alexw91, and 9 other contributors
Assets 2
Loading