author: Alex Gaynor <alex.gaynor@gmail.com> 2015-09-27 08:41:28 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-09-27 08:41:28 -0400
commit: a94f97ee8b32d35fc7ed02849a807fab58147dc5
tree: 09ae3ee9f095526b512769a156a7e0f4d06433a7
parent: 3c1f5cb6478d85b224c30c3a8608e9f5c523a088
parent: 8addede7ab0ab1b9b69ce96cb520319a87dee620
Merge pull request #2380 from reaperhulk/port-102-changelog
port 1.0.2 changelog to master
-rw-r--r-- CHANGELOG.rst 11
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 705c09cd..fdea8c35 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -8,6 +8,17 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
+1.0.2 - 2015-09-27
+~~~~~~~~~~~~~~~~~~
+* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
+ of assertions to check response codes where our tests could not trigger a
+ failure. However, when Python is run with ``-O`` these asserts are optimized
+ away. If a user ran Python with this flag and got an invalid response code
+ this could result in undefined behavior or worse. Accordingly, all response
+ checks from the OpenSSL backend have been converted from ``assert``
+ to a true function call. Credit **Emilia Käsper (Google Security Team)**
+ for the report.
+
1.0.1 - 2015-09-05
~~~~~~~~~~~~~~~~~~
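Review bot: The new 1.0.2 entry says the response checks were "converted from ``assert`` to a true function call" but does not say what a caller now sees when a check fails, and it gives affected users no action to take. Since the problem only appears when Python is run with ``-O``, consider closing the entry with a sentence telling anyone who runs with that flag to upgrade to 1.0.2, and name the error the new check raises so the behaviour change is documented. The phrase "undefined behavior or worse" is also vague for a security notice; stating that an invalid response code from OpenSSL would go unchecked says the same thing concretely.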