X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=NEWS;h=e9180adc73aa0fc00235d018c77843efeb4b2ff5;hb=27df27d4b9b3b6089c772641fb1e99a208859627;hp=af64d9bc52cac74314aaf4a0db11e055f204d48a;hpb=251c47001b951ec10dcd08b7d727e103560f8f25;p=openssl.git diff --git a/NEWS b/NEWS index af64d9bc52..e9180adc73 100644 --- a/NEWS +++ b/NEWS @@ -5,12 +5,7 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Known issues in OpenSSL 1.0.2: - - o v3_scts.c compilation error on some platforms: fixed in 1.0.2-beta2-dev - o Issues compiling WIN32 fips static libraries: fixed in 1.0.2-beta2-dev - - Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.2 [in beta]: + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 @@ -21,6 +16,39 @@ o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] + + o Fix for CVE-2014-3512 + o Fix for CVE-2014-3511 + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3509 + o Fix for CVE-2014-5139 + o Fix for CVE-2014-3508 + + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] + + o Fix for CVE-2014-0224 + o Fix for CVE-2014-0221 + o Fix for CVE-2014-0195 + o Fix for CVE-2014-3470 + o Fix for CVE-2010-5298 + + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] + + o Fix for CVE-2014-0160 + o Add TLS padding extension workaround for broken servers. + o Fix for CVE-2014-0076 + Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] o Don't include gmt_unix_time in TLS server and client random values