author | Erik Trauschke <erik.trauschke@gmail.com> | 2015-09-28 08:54:47 -0700 |
---|---|---|
committer | Erik Trauschke <erik.trauschke@gmail.com> | 2015-09-28 08:54:47 -0700 |
commit | cc599440a393d6310e79494dab1461738eeede88 (patch) | |
tree | 7bd7889794be2296802d6fd77ab2835013536df3 /CHANGELOG.rst | |
parent | e064f0236cd1a93a7ad434ea8dccb5b476dda90e (diff) | |
parent | a94f97ee8b32d35fc7ed02849a807fab58147dc5 (diff) | |
Merge branch 'master' into crl_ossl_backend
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 705c09cd..fdea8c35 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,17 @@ Changelog * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`. +1.0.2 - 2015-09-27 +~~~~~~~~~~~~~~~~~~ +* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use + of assertions to check response codes where our tests could not trigger a + failure. However, when Python is run with ``-O`` these asserts are optimized + away. If a user ran Python with this flag and got an invalid response code + this could result in undefined behavior or worse. Accordingly, all response + checks from the OpenSSL backend have been converted from ``assert`` + to a true function call. Credit **Emilia Käsper (Google Security Team)** + for the report. + 1.0.1 - 2015-09-05 ~~~~~~~~~~~~~~~~~~ |
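Review bot: The new 1.0.2 entry says the response checks were "converted from ``assert`` to a true function call" but never states what that call does when it sees an invalid response code, so a reader cannot tell what behavior replaces the "undefined behavior or worse" described two sentences earlier. Consider adding a clause naming the outcome on failure, and make explicit that only processes started with ``-O`` were exposed, since that is the condition users need to check against their own deployments. The phrase "or worse" is also too vague for a **SECURITY ISSUE** entry; either name the concrete consequence or drop it. Since this commit is a merge of master into crl_ossl_backend, the wording fix belongs on master where the entry originated, not in this branch.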