Checking __STDC_VERSION__ rather than __STRICT_ANSI__

[openssl.git] / NEWS.md

diff --git a/NEWS.md b/NEWS.md
index 630c57ae53d866b821e75c7b0667cfaacb04e09b..36a157bc3db9f88d7dbd28fa6fce673e9f943d52 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -25,11 +25,18 @@ OpenSSL 3.1
     by default.
   * TCP Fast Open (RFC7413) support is available on Linux, macOS, and FreeBSD
     where enabled and supported.
+  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
 
 OpenSSL 3.0
 -----------
 
-### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3
+### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
+
+  * Fixed additional bugs in the c_rehash script which was not properly
+    sanitising shell metacharacters to prevent command injection
+    ([CVE-2022-2068])
+
+### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
 
   * Fixed a bug in the c_rehash script which was not properly sanitising shell
     metacharacters to prevent command injection ([CVE-2022-1292])
@@ -122,7 +129,8 @@ OpenSSL 3.0
     RC4, RC5 and SEED cipher functions have been deprecated.
   * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
     have been deprecated.
-  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
+    except when RSA key exchange without SHA1 is used.
   * Added providers, a new pluggability concept that will replace the
     ENGINE API and ENGINE implementations.