ZLint v3.6.6-rc1
9 views
Skip to first unread message
chris
Apr 13, 2025, 10:46:10 AMApr 13
to ZLint Announcements
# ZLint v3.6.6-rc1
The ZMap team is happy to share ZLint v3.6.6-rc1 (https://github.com/zmap/zlint/releases/tag/v3.6.6-rc1).
Thank you to everyone who contributes to ZLint!
## New Feature
* Preliminary support for OCSP response linting via the library usage of ZLint.
## New Lints
* `e_crl_next_update_invalid`, For CRLs covering (EE|CA) certificates, nextUpdate must be at most (10 days|12 months) beyond thisUpdate
* `e_qcstatem_qctype_smime`, Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least one of the types IdEtsiQcsQctEsign or IdEtsiQcsQctEseal, in case of an S/MIME certificate.
* `e_utf8_latin1_mixup`, Checks for wrongly encoded diacritics due to UTF-8 mistaken for Latin-1
## Bug Fixes
* Panics from individual lints no longer impact the execution of other lints.
* Corrected an issue in `e_ev_extra_subject_attribs` wherein OU was incorrectly marked as forbidden
* Corrected an issue with not all lint sources being considered correctly during filtering
## Security
* Upgraded golang.org/x/net from 0.33.0 to 0.37.0 to address CVE-2025-22870
## Changelog
* e8d0409a2d17f94dd1a230b97338bf5d7c8ec1a3 Corrected an issue with not all lint sources being considered correctly during filtering (#934)
* 80afcba1413f3dfe4ef0e6f9ca4ba185d66127fa Framework for linting OSCP responses (#917)
* 7a0479c0518f444b6b12f0c86af86a55da1792e3 Add lint to detect wrongly encoded diacritics due to UTF-8 mistaken for Latin-1 (#931)
* f68dfde76504e7e3e70eb34502b9da988727d1f4 Patch golang.org/x/net for CVE-2025-22870 (#928)
* 3cc488f1cc1c9032771f7f7ac4d75ee5d903bceb Update README.md (#926)
* 900a4d061237d2ce4b33576cb349dc77eae8e639 Fix the linter (#929)
* 502f687ebbd9b1dd684cedcb33d8c3f9ad747cb6 Qc type web also smime (#919)
* 7f772fd514c31397e55a7fe0affa28d386023419 Updating actions/cache to v4 to fix integration tests (#927)
* 59fffe7f16f1eed8dd514c370bbf178c6cd6bb3d util: gtld_map autopull updates for 2025-02-28T00:33:21 UTC (#920)
* a2721f24ded18890b5874949b8c25efcc88aae2a Add lint to check CRLs for a valid nextUpdate as per CABF BRs (#916)
* f8bbdec0eeba329d77075100c0a028b30a5e10ad OU (2.5.4.11) is incorrectly omitted from the allow list in e_ev_extra_subject_attribs (#915)
* 62639dffec8a0c6a4b82686bbc55ef535281b18a Panics should not prevent other lints from running (#914)
* 32cb0bf2798be9fb3982f56b4c3f532ca9a9b09b Update README.md (#909)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.5...v3.6.6-rc1
The ZMap team is happy to share ZLint v3.6.6-rc1 (https://github.com/zmap/zlint/releases/tag/v3.6.6-rc1).
Thank you to everyone who contributes to ZLint!
## New Feature
* Preliminary support for OCSP response linting via the library usage of ZLint.
## New Lints
* `e_crl_next_update_invalid`, For CRLs covering (EE|CA) certificates, nextUpdate must be at most (10 days|12 months) beyond thisUpdate
* `e_qcstatem_qctype_smime`, Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least one of the types IdEtsiQcsQctEsign or IdEtsiQcsQctEseal, in case of an S/MIME certificate.
* `e_utf8_latin1_mixup`, Checks for wrongly encoded diacritics due to UTF-8 mistaken for Latin-1
## Bug Fixes
* Panics from individual lints no longer impact the execution of other lints.
* Corrected an issue in `e_ev_extra_subject_attribs` wherein OU was incorrectly marked as forbidden
* Corrected an issue with not all lint sources being considered correctly during filtering
## Security
* Upgraded golang.org/x/net from 0.33.0 to 0.37.0 to address CVE-2025-22870
## Changelog
* e8d0409a2d17f94dd1a230b97338bf5d7c8ec1a3 Corrected an issue with not all lint sources being considered correctly during filtering (#934)
* 80afcba1413f3dfe4ef0e6f9ca4ba185d66127fa Framework for linting OSCP responses (#917)
* 7a0479c0518f444b6b12f0c86af86a55da1792e3 Add lint to detect wrongly encoded diacritics due to UTF-8 mistaken for Latin-1 (#931)
* f68dfde76504e7e3e70eb34502b9da988727d1f4 Patch golang.org/x/net for CVE-2025-22870 (#928)
* 3cc488f1cc1c9032771f7f7ac4d75ee5d903bceb Update README.md (#926)
* 900a4d061237d2ce4b33576cb349dc77eae8e639 Fix the linter (#929)
* 502f687ebbd9b1dd684cedcb33d8c3f9ad747cb6 Qc type web also smime (#919)
* 7f772fd514c31397e55a7fe0affa28d386023419 Updating actions/cache to v4 to fix integration tests (#927)
* 59fffe7f16f1eed8dd514c370bbf178c6cd6bb3d util: gtld_map autopull updates for 2025-02-28T00:33:21 UTC (#920)
* a2721f24ded18890b5874949b8c25efcc88aae2a Add lint to check CRLs for a valid nextUpdate as per CABF BRs (#916)
* f8bbdec0eeba329d77075100c0a028b30a5e10ad OU (2.5.4.11) is incorrectly omitted from the allow list in e_ev_extra_subject_attribs (#915)
* 62639dffec8a0c6a4b82686bbc55ef535281b18a Panics should not prevent other lints from running (#914)
* 32cb0bf2798be9fb3982f56b4c3f532ca9a9b09b Update README.md (#909)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.5...v3.6.6-rc1
Reply all
Reply to author
Forward
0 new messages