The NSS team has released Network Security Services (NSS) 3.28.1, which is a patch release.
Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. No new functionality is introduced in this release. This is a patch release to update the list of root CA certificates and address a minor TLS compatibility issue that some applications experienced with NSS 3.28. Notable Changes: * The following CA certificates were Removed - CN = Buypass Class 2 CA 1 - CN = Root CA Generalitat Valenciana - OU = RSA Security 2048 V3 * The following CA certificates were Added - OU = AC RAIZ FNMT-RCM - CN = Amazon Root CA 1 - CN = Amazon Root CA 2 - CN = Amazon Root CA 3 - CN = Amazon Root CA 4 - CN = LuxTrust Global Root 2 - CN = Symantec Class 1 Public Primary Certification Authority - G4 - CN = Symantec Class 1 Public Primary Certification Authority - G6 - CN = Symantec Class 2 Public Primary Certification Authority - G4 - CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 * A misleading assertion/alert has been removed when NSS tries to flush data to the peer but the connection was already reset. The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes The HG tag is NSS_3_28_1_RTM. NSS 3.28.1 requires NSPR 4.13.1 or newer. NSS 3.28.1 source distributions are available for secure download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_1_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.28.1 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
