News

YuOpenSSL-3.0 v1.2.2
- Fix OpenSSL version reported by OpenSSL_version…() functions and constants like OPENSSL_FULL_VERSION_STR.

YuOpenSSL-3.0 v1.2.1
- Update to OpenSSL 3.0.3.
  - Fixed a bug in the OCSP_basic_verify() function that verifies the signer certificate on an OCSP response.
  - Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key.
  - Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occuppied by the removed hash table entries.

YuOpenSSL-3.0 v1.2.0
- Update to OpenSSL 3.0.2.
  - Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli (CVE-2022-0778).
  - Add ciphersuites based on DHE_PSK and ECDHE_PSK to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
  - Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings.
- Add OCSP API functions for Internet Component Suite (ICS).

YuOpenSSL-3.0 v1.3.2
- Update to OpenSSL 3.0.14.
  - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741).
  - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603).
  - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511).

YuOpenSSL-3.0 v1.3.1
- Update to OpenSSL 3.0.13.
  - Fixed PKCS12 Decoding crashes (CVE-2024-0727).
  - Fixed Excessive time spent checking invalid RSA public keys (CVE-2023-6237).
  - Fix excessive time spent in DH check / generation with large Q parameter value (CVE-2023-5678).

YuOpenSSL-3.0 v1.2.13
- Update to OpenSSL 3.0.12.
  - Fix CVE-2023-5363: Mitigate incorrect resize handling for symmetric cipher keys and IVs.

YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
  - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.

YuOpenSSL-3.0 v1.2.9
- Fix CVE-2023-2975: AES-SIV implementation ignores empty associated data entries.
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.

YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
  - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.

YuOpenSSL-3.0 v1.2.8
- Add APIs for YuXMLSec v1.1.0.
- Cherry pick low severity CVE fixes.

YuXMLSec v1.0.0
- Compiled against YuOpenSSL-3.0. The old YuOpenSSL no longer works. Please update if needed.
- Update to XMLSec 1.2.33:
  - Fix decrypting session key for multiple recipients.
  - Add the xmlSecKeyDataFormatEngine option to enhance OpenSSL engine support.

YuOpenSSL-3.0 v1.1.0
- Add HTTP APIs like OSSL_HTTP_get. They allow to obtain data from HTTP or secure HTTPS using just YuOpenSSL-3.
- Add APIs required for YuXMLSec.

DISQLite3 v5.49.1
- Update to SQLite v3.46.1.
- FTS5: Improve tokenize = argument robustness, fix false-positive integrity-check.
- Enhance query planner covering index prediction.
- Fix group_concat in window functions.
- Fix return value for ALTER TABLE syntax errors.

DIXml v7.0.1
- Update libxml2 to version v2.13.2.
- Update libxslt to version v1.1.42.

DIXml v7.0.0
- Update libxml2 to version v2.13.1.
  - New error handling functions.
  - New option to disable loading external content like DTD.
  - Remove FTP and HTTP support.
  - Many bug fixes and improvements.
- Update libxslt to version v1.1.41.
  - General improvements.

YuZip v7.1.3
- Update compression libraries:
  - XZ v5.6.2.
  - 7-Zip v24.07.