Skip to content

1.6.3
Compare
Choose a tag to compare
@ydahhrk ydahhrk released this 22 Aug 03:16
· 25 commits to main since this release
1.6.3
This tag was signed with the committer’s verified signature.
ydahhrk Alberto Leiva Popper
GPG key ID: 72160FD57B242967
Learn about vigilant mode.
554c5fa
This commit was signed with the committer’s verified signature.
ydahhrk Alberto Leiva Popper
GPG key ID: 72160FD57B242967
Learn about vigilant mode.

Improvements since 1.6.2:

  1. 780b9f7: Update links to APNIC TALs
  2. #137: Update API usage for libxml2 2.12+
  3. #138: Add self-signed certificate signature validation
  4. #139, #141: Shuffle Manifest entries to complicate attacks relying on traversal order
  5. #143: Use HTTP compressed encoding when available
  6. 5689dea: Prevent crash on malformed subjectPublicKey
  7. 939d988: Prevent crash on malformed Key Usage
  8. b1eb3c5: Prevent crash on missing Authority Key Identifier
  9. 4dafbd9: Prevent crash on missing signedAttrs
  10. 942f921: Prevent crash on missing eContent
  11. 521b1a0: Prevent crash on BER-encoded signedAttrs

Thanks to @antecrescent for contributing 2, @job for 3-5, and @niklbird and Haya Schulmann for researching and reporting 6-11.

Contributors

job, niklbird, and antecrescent
Assets 10
Loading