This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [under development]
+
+ o
+
+ Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
+
+ o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+ (CVE-2022-2097)
+
+ Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
+
+ o Fixed additional bugs in the c_rehash script which was not properly
+ sanitising shell metacharacters to prevent command injection
+ (CVE-2022-2068)
+
+ Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
+
+ o Fixed a bug in the c_rehash script which was not properly sanitising
+ shell metacharacters to prevent command injection (CVE-2022-1292)
+
+ Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
+
+ o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+ forever for non-prime moduli (CVE-2022-0778)
+
+ Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
+
+ o None
+
+ Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
+
+ o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
+ o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
+
+ Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+
+ o Fixed a problem with verifying a certificate chain when using the
+ X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
+ o Fixed an issue where an OpenSSL TLS server may crash if sent a
+ maliciously crafted renegotiation ClientHello message from a client
+ (CVE-2021-3449)
+
+ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+ o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+ function (CVE-2021-23841)
+ o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks
+ o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+ EVP_DecryptUpdate functions (CVE-2021-23840)
+ o Fixed SRP_Calc_client_key so that it runs in constant time
+
+ Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+ o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+
+ Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+
+ o Disallow explicit curve parameters in verifications chains when
+ X509_V_FLAG_X509_STRICT is used
+ o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+ contexts
+ o Oracle Developer Studio will start reporting deprecation warnings
+
+ Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+ o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
+
+ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
+ Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
+
+ o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+ used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
+
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
o Fixed a fork protection issue (CVE-2019-1549)
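
Review bot: Two spelling errors in the added entries should be fixed before this is merged. In the 1.1.1d to 1.1.1e section, "x64_64 Montgomery squaring procedure" names no real architecture and should read "x86_64". In the 1.1.1g to 1.1.1h section, "verifications chains" should read "verification chains". The 1.1.1q to 1.1.1r [under development] section also adds an empty "o" bullet, while the 1.1.1l to 1.1.1m section uses "o None" for a release with no major changes; using one form for both keeps the file consistent and easier to parse when scanning for security fixes. Finally, the RSA_padding_check_SSLv23() rollback-check entry and the SRP_Calc_client_key constant-time entry in the 1.1.1i to 1.1.1j section carry no CVE identifier, unlike the entries around them; if no identifier was assigned, a short note saying so would stop readers from assuming it was dropped.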