NSS 3.114 release
26 views
Skip to first unread message
John Schanck
Jul 17, 2025, 5:22:36 PMJul 17
to dev-tec...@mozilla.org
Network Security Services (NSS) 3.114 was released on 17 July 2025.
The HG tag is NSS_3_114_RTM. This version of NSS requires NSPR
4.35 or newer. The latest version of NSPR is 4.37.
NSS 3.114 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_114_RTM/src/>
Changes:
- Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
- Bug 1970079 - Prevent leaks during pkcs12 decoding.
- Bug 1953731 - Remove redundant assert in p7local.c.
- Bug 1974515 - Bump nssckbi version to 2.80.
- Bug 1961848 - Remove expired Baltimore CyberTrust Root.
- Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
- Bug 1974511 - Add SwissSign 2022 Roots to NSS.
- Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
- Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
- Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
- Bug 1974331 - remove dead code in ssl3con.c.
- Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
- Bug 1974299 - Bump nssckbi version to 2.79.
- Bug 1967826 - remove unneccessary assertion.
- Bug 1948485 - Update mechanisms for Softoken PCT.
- Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a
distrust after.
- Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
- Bug 1973930 - use -O2 for asan build.
- Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
- Bug 1973105 - remove out-of-function semicolon.
- Bug 1963009 - Extend pkcs8 fuzz target.
- Bug 1963008 - Extend pkcs7 fuzz target.
- Bug 1908763 - Remove unused assignment to pageno.
- Bug 1908762 - Remove unused assignment to nextChunk.
- Bug 1973490 - don't run commands as part of shell `local` declarations.
- Bug 1973490 - fix sanitizer setup.
- Bug 1973187 - don't silence ssl_gtests output when running with
code coverage.
- Bug 1967411 - Release docs and housekeeping.
- Bug 1972768 - migrate to new linux tester pool
NSS 3.114 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
The HG tag is NSS_3_114_RTM. This version of NSS requires NSPR
4.35 or newer. The latest version of NSPR is 4.37.
NSS 3.114 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_114_RTM/src/>
Changes:
- Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
- Bug 1970079 - Prevent leaks during pkcs12 decoding.
- Bug 1953731 - Remove redundant assert in p7local.c.
- Bug 1974515 - Bump nssckbi version to 2.80.
- Bug 1961848 - Remove expired Baltimore CyberTrust Root.
- Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
- Bug 1974511 - Add SwissSign 2022 Roots to NSS.
- Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
- Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
- Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
- Bug 1974331 - remove dead code in ssl3con.c.
- Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
- Bug 1974299 - Bump nssckbi version to 2.79.
- Bug 1967826 - remove unneccessary assertion.
- Bug 1948485 - Update mechanisms for Softoken PCT.
- Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a
distrust after.
- Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
- Bug 1973930 - use -O2 for asan build.
- Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
- Bug 1973105 - remove out-of-function semicolon.
- Bug 1963009 - Extend pkcs8 fuzz target.
- Bug 1963008 - Extend pkcs7 fuzz target.
- Bug 1908763 - Remove unused assignment to pageno.
- Bug 1908762 - Remove unused assignment to nextChunk.
- Bug 1973490 - don't run commands as part of shell `local` declarations.
- Bug 1973490 - fix sanitizer setup.
- Bug 1973187 - don't silence ssl_gtests output when running with
code coverage.
- Bug 1967411 - Release docs and housekeeping.
- Bug 1972768 - migrate to new linux tester pool
NSS 3.114 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
Reply all
Reply to author
Forward
0 new messages