ZLint v3.6.5-rc2


chris

Jan 5, 2025, 11:12:30 AM
to ZLint Announcements
# ZLint v3.6.5-rc2

The ZMap team is happy to share ZLint v3.6.5-rc2 (https://github.com/zmap/zlint/releases/tag/v3.6.5-rc2).

Thank you to everyone who contributes to ZLint!

## New Lints
* `e_subj_contains_html_entities` Detects the presence of HTML entities (e.g. '&amp;') in the Subject, which probably shouldn't be there
* `e_ev_invalid_orgid_reg_scheme` The Registration Schemes allowed in organizationIdentifier are those listed in Appendix H
* `e_ev_extra_subject_attribs` CAs SHALL NOT include any Subject Distinguished Name attributes except as specified
* `e_crl_has_authority_key_identifier` The CRL must include Authority Key Identifier extension
* `e_crl_unique_revoked_certificate` The CRL must not include duplicate serial numbers in its revoked certificates list
* `e_invalid_ca_certificate_policies` Checks that the Policy OIDs in the CertificatePolicies extension of a SubCA certificate comply with CABF requirements

## Bug Fixes
* Corrected `e_ev_extra_subject_attribs` to not allow OUs

## Security
* Upgraded golang.org/x/crypto from 0.25.0 to 0.31.0 to address CVE-2024-45337
* Upgraded golang.org/x/net from 0.27.0 to 0.33.0 to address CVE-2024-45338

## Misc
* More clear language in CLI option descriptions.
* An upgrade to the repository's linter.
* Addition of the Delta CRL Indicator OID to the list of known OIDs
* Added effective dates for CABF/BR 2.0.1 to 2.0.8
* Typo correction in citation string for `e_crl_has_authority_key_identifier`
* Updated ZCrypto to [3a86168](https://github.com/zmap/zcrypto/tree/3a861682ac77974fe9ff0488125d7ef6a8156c82)
* Updates to the `newLint.sh` helper script.
* New repo tooling to generate test CRLs.

## Changelog
* 629cb54 Add lint to detect HTML entities in Subject attributes (#907)
* cd73211 fix: organizationUnitName is prohibited (#903)
* 1fccaa7 Patch for CVE CVE-2024-45337 in test CRL generation tool (#906)
* 5c47a01 build(deps): bump golang.org/x/crypto in /v3/cmd/genTestCerts (#905)
* cb26b9e build(deps): bump golang.org/x/crypto from 0.25.0 to 0.31.0 in /v3 (#904)
* 0d1ece3 Add lint to check for a valid Registration Scheme in the Subject.organizationIdentifier of EV certificates (#901)
* 82c722b Add lint to check that EV certificates contain only allowed attributes in the Subject (#902)
* 529e5e5 Add functionality to generate CRL in asn1 encoding (#893)
* 5807078 Fix newLint.sh CLI (#897)
* 5534545 Linter is broken due to a broken dependency on an old Golang version (#900)
* d0b1e1f Update to zcrypto 3a86168 (#899)
* 989baef Correct typo in RFC section reference (#898)
* 6ec3b31 Add lint to check Authority Key Identifier in CRL Extension (#892)
* eba3486 Add Effective Date for recent CABFBRs (#895)
* 84d8f29 Add Delta CRL Indicator Oid (#896)
* 920bf49 Add Delta CRL Indicator Oid (#894)
* 4b55d49 Add lint to check that CRL does not have duplicates in RevokedCertificates (#890)
* d0dc117 Add lint for checking compliance with §7.1.2.10.5 of the BRs (CA Certificate Policies) (#887)
* f1f5644 Upgrade linter to 1.61.0 and address new lints (#891)
* 45a7d73 Improve the language on some CLI option descriptions (#886)

**Full Changelog**: https://github.com/zmap/zlint/compare/v3.6.4...v3.6.5-rc2
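The two CRL rules listed under New Lints (`e_crl_has_authority_key_identifier` and `e_crl_unique_revoked_certificate`) can be sketched with Go's standard library. This is an added example, not part of the announcement and not ZLint's own lint code; `lintCRL`, `buildCRL`, the all-zero test key, the issuer fields and the serial numbers are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// lintCRL reports a missing Authority Key Identifier and repeated serials.
func lintCRL(crl *x509.RevocationList) []string {
	var findings []string
	if len(crl.AuthorityKeyId) == 0 {
		findings = append(findings, "missing authorityKeyIdentifier")
	}
	seen := map[string]bool{}
	for _, e := range crl.RevokedCertificateEntries {
		s := e.SerialNumber.String()
		if seen[s] {
			findings = append(findings, "duplicate serial "+s)
		}
		seen[s] = true
	}
	return findings
}

// buildCRL signs and re-parses a constructed CRL; key, issuer and serials are sample data.
func buildCRL(serials ...int64) (*x509.RevocationList, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero seed, test key
	issuer := &x509.Certificate{KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{1, 2, 3, 4}}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificateEntries = append(tmpl.RevokedCertificateEntries, x509.RevocationListEntry{SerialNumber: big.NewInt(s), RevocationTime: tmpl.ThisUpdate})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

func main() {
	crl, err := buildCRL(5, 7, 5) // constructed serials; 5 appears twice
	if err != nil {
		panic(err)
	}
	fmt.Println(lintCRL(crl))
}
```

`RevokedCertificateEntries` requires Go 1.21 or later. `x509.CreateRevocationList` always writes the Authority Key Identifier from the issuer's `SubjectKeyId`, so the missing-AKI finding only appears for CRLs produced by other tooling.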