ZLint v3.6.6-rc2
13 views
Skip to first unread message
chris
Apr 20, 2025, 5:09:01 PMApr 20
to ZLint Announcements
# ZLint v3.6.6-rc2
The ZMap team is happy to share ZLint v3.6.6-rc2 (https://github.com/zmap/zlint/releases/tag/v3.6.6-rc2).
Thank you to everyone who contributes to ZLint!
## New Feature
* Preliminary support for OCSP response linting via the library usage of ZLint
## New Lints
* `e_crl_next_update_invalid`, For CRLs covering (EE|CA) certificates, nextUpdate must be at most (10 days|12 months) beyond thisUpdate
* `e_qcstatem_qctype_smime`, Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least one of the types IdEtsiQcsQctEsign or IdEtsiQcsQctEseal, in case of an S/MIME certificate
* `e_utf8_latin1_mixup`, Checks for wrongly encoded diacritics due to UTF-8 mistaken for Latin-1
## Bug Fixes
* Panics from individual lints no longer impact the execution of other lints
* Corrected an issue in `e_ev_extra_subject_attribs` wherein OU was incorrectly marked as forbidden
* Corrected an issue with not all lint sources being considered correctly during filtering
* Corrected citation e_this_update_not_after_produced_at
## Security
* Upgraded golang.org/x/net from 0.33.0 to 0.37.0 to address CVE-2025-22870
* Upgraded golang.org/x/net from 0.37.0 to 0.38.0 to address CVE-2025-22872
## Changelog
* c2d9286c1f143188ab3cd8808105c06982e78f0e Fix reference and description of OCSP lint (#937)
* b60a4b17b4a1705fbd87bab591e673bfbbe97adc build(deps): bump golang.org/x/net in /v3/cmd/gen_test_crl (#939)
* d16349779f35d29bb01ee4524d511f9a21df19de build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /v3 (#936)
* e8d0409a2d17f94dd1a230b97338bf5d7c8ec1a3 Corrected an issue with not all lint sources being considered correctly during filtering (#934)
* 80afcba1413f3dfe4ef0e6f9ca4ba185d66127fa Framework for linting OSCP responses (#917)
* 7a0479c0518f444b6b12f0c86af86a55da1792e3 Add lint to detect wrongly encoded diacritics due to UTF-8 mistaken for Latin-1 (#931)
* f68dfde76504e7e3e70eb34502b9da988727d1f4 Patch golang.org/x/net for CVE-2025-22870 (#928)
* 3cc488f1cc1c9032771f7f7ac4d75ee5d903bceb Update README.md (#926)
* 900a4d061237d2ce4b33576cb349dc77eae8e639 Fix the linter (#929)
* 502f687ebbd9b1dd684cedcb33d8c3f9ad747cb6 Qc type web also smime (#919)
* 7f772fd514c31397e55a7fe0affa28d386023419 Updating actions/cache to v4 to fix integration tests (#927)
* 59fffe7f16f1eed8dd514c370bbf178c6cd6bb3d util: gtld_map autopull updates for 2025-02-28T00:33:21 UTC (#920)
* a2721f24ded18890b5874949b8c25efcc88aae2a Add lint to check CRLs for a valid nextUpdate as per CABF BRs (#916)
* f8bbdec0eeba329d77075100c0a028b30a5e10ad OU (2.5.4.11) is incorrectly omitted from the allow list in e_ev_extra_subject_attribs (#915)
* 62639dffec8a0c6a4b82686bbc55ef535281b18a Panics should not prevent other lints from running (#914)
* 32cb0bf2798be9fb3982f56b4c3f532ca9a9b09b Update README.md (#909)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.5...v3.6.6-rc2
The ZMap team is happy to share ZLint v3.6.6-rc2 (https://github.com/zmap/zlint/releases/tag/v3.6.6-rc2).
Thank you to everyone who contributes to ZLint!
## New Feature
* Preliminary support for OCSP response linting via the library usage of ZLint
## New Lints
* `e_crl_next_update_invalid`, For CRLs covering (EE|CA) certificates, nextUpdate must be at most (10 days|12 months) beyond thisUpdate
* `e_qcstatem_qctype_smime`, Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least one of the types IdEtsiQcsQctEsign or IdEtsiQcsQctEseal, in case of an S/MIME certificate
* `e_utf8_latin1_mixup`, Checks for wrongly encoded diacritics due to UTF-8 mistaken for Latin-1
## Bug Fixes
* Panics from individual lints no longer impact the execution of other lints
* Corrected an issue in `e_ev_extra_subject_attribs` wherein OU was incorrectly marked as forbidden
* Corrected an issue with not all lint sources being considered correctly during filtering
* Corrected citation e_this_update_not_after_produced_at
## Security
* Upgraded golang.org/x/net from 0.33.0 to 0.37.0 to address CVE-2025-22870
* Upgraded golang.org/x/net from 0.37.0 to 0.38.0 to address CVE-2025-22872
## Changelog
* c2d9286c1f143188ab3cd8808105c06982e78f0e Fix reference and description of OCSP lint (#937)
* b60a4b17b4a1705fbd87bab591e673bfbbe97adc build(deps): bump golang.org/x/net in /v3/cmd/gen_test_crl (#939)
* d16349779f35d29bb01ee4524d511f9a21df19de build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /v3 (#936)
* e8d0409a2d17f94dd1a230b97338bf5d7c8ec1a3 Corrected an issue with not all lint sources being considered correctly during filtering (#934)
* 80afcba1413f3dfe4ef0e6f9ca4ba185d66127fa Framework for linting OSCP responses (#917)
* 7a0479c0518f444b6b12f0c86af86a55da1792e3 Add lint to detect wrongly encoded diacritics due to UTF-8 mistaken for Latin-1 (#931)
* f68dfde76504e7e3e70eb34502b9da988727d1f4 Patch golang.org/x/net for CVE-2025-22870 (#928)
* 3cc488f1cc1c9032771f7f7ac4d75ee5d903bceb Update README.md (#926)
* 900a4d061237d2ce4b33576cb349dc77eae8e639 Fix the linter (#929)
* 502f687ebbd9b1dd684cedcb33d8c3f9ad747cb6 Qc type web also smime (#919)
* 7f772fd514c31397e55a7fe0affa28d386023419 Updating actions/cache to v4 to fix integration tests (#927)
* 59fffe7f16f1eed8dd514c370bbf178c6cd6bb3d util: gtld_map autopull updates for 2025-02-28T00:33:21 UTC (#920)
* a2721f24ded18890b5874949b8c25efcc88aae2a Add lint to check CRLs for a valid nextUpdate as per CABF BRs (#916)
* f8bbdec0eeba329d77075100c0a028b30a5e10ad OU (2.5.4.11) is incorrectly omitted from the allow list in e_ev_extra_subject_attribs (#915)
* 62639dffec8a0c6a4b82686bbc55ef535281b18a Panics should not prevent other lints from running (#914)
* 32cb0bf2798be9fb3982f56b4c3f532ca9a9b09b Update README.md (#909)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.5...v3.6.6-rc2
Reply all
Reply to author
Forward
0 new messages