CHANGES.md / NEWS.md fixups ahead of release

Release: yes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27927)
Neil Horman 2025-07-01 07:21:56 -04:00 committed by Matt Caswell
parent b3161bd9a9
commit f6c400f4cc
2 changed files with 24 additions and 1 deletions

@ -112,6 +112,18 @@ OpenSSL 3.5
### Changes between 3.5.0 and 3.5.1 [xx XXX xxxx]
* Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application adds
a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected for
a particular use it will be instead marked as trusted for that use.
([CVE-2025-4575])
*Tomas Mraz*
* Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
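Review bot: The title of the new entry, "Fix x509 application adds trusted use instead of rejected use.", does not parse as a sentence and departs from the past-tense style of the entry that follows it ("Aligned the behaviour of TLS and DTLS ..."). Suggest something like "Fixed the x509 application adding a trusted use instead of a rejected use when -addreject is given." The Impact summary would also be more useful if it said what a reader has to do: a certificate that was already processed with -addreject before this fix carries a trusted use for that purpose, so it should be inspected and regenerated after upgrading.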
@ -21297,6 +21309,7 @@ ndif
<!-- Links -->
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119

NEWS.md

@ -36,6 +36,16 @@ changes:
* Added an `openssl configutl` utility for processing the openssl
configuration file and dumping the equal configuration file.
### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [under development]
OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])
### Major changes between OpenSSL 3.4 and OpenSSL 3.5 [under development]
OpenSSL 3.5.0 is a feature release adding significant new functionality to
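Review bot: The heading directly below the new section still reads "Major changes between OpenSSL 3.4 and OpenSSL 3.5 [under development]", yet the section added here describes changes since 3.5.0, so 3.5.0 has already shipped. Since this commit is a fixup ahead of release, that stale tag should be replaced with the 3.5.0 release date. The "[under development]" tag on the new 3.5.1 heading, and the matching "[xx XXX xxxx]" placeholder on the CHANGES.md heading, also need to be filled in by the release commit so the two files agree.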
@ -1902,7 +1912,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119