[dev-tech-crypto] NSS 3.117 Release
22 views
Skip to first unread message
Dennis Jackson
Oct 3, 2025, 11:44:26 AMOct 3
to dev-tec...@lists.mozilla.org
Network Security Services (NSS) 3.117 was released on 3 October 2025.
The HG tag is NSS_3_117_RTM. This version of NSS requires NSPR 4.37 or newer. The latest version of NSPR is 4.37.
NSS 3.117 source distributions are available on ftp.mozilla.org for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_117_RTM/src/>
Changes:
NSS 3.117 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at <https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
The HG tag is NSS_3_117_RTM. This version of NSS requires NSPR 4.37 or newer. The latest version of NSPR is 4.37.
NSS 3.117 source distributions are available on ftp.mozilla.org for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_117_RTM/src/>
Changes:
- Bug 1992218 - fix memory leak in secasn1decode_unittest.cc.
- Bug 1988913 - Add OISTE roots.
- Bug 1976051 - Add runbook for certdata.txt changes.
- Bug 1991666 - dbtool: close databases before shutdown.
- Bug 1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates.
- Bug 1956754 - don’t flush base64 when buffer is null.
- Bug 1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds.
- Bug 1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs.
- Bug 1980465 - Fix a big-endian-problematic cast in zlib calls.
- Bug 1962321 - Revert removing out/ directory after ossfuzz build.
- Bug 1988524 - Add Cryptofuzz to OSS-Fuzz build.
- Bug 1984704 - Add PKCS#11 trust tests.
- Bug 1983308 - final disable dsa patch cert.sh.
- Bug 1983320 - ml-dsa: move tls 1.3 to use streaming signatures.
- Bug 1983320 - ml-dsa: Prep Create a FindOidTagByString function.
- Bug 1983320 - ml-dsa: softoken changes.
- Bug 1983320 - ml-dsa: der key decode.
- Bug 1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi.
- Bug 1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function.
NSS 3.117 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at <https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
Reply all
Reply to author
Forward
0 new messages