Skip to content

v3.6.5-rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 28 Dec 18:46
v3.6.5-rc1
This tag was signed with the committer’s verified signature.
christopher-henderson Christopher Henderson
GPG key ID: 2632D36B664B36BC
Learn about vigilant mode.
629cb54
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

ZLint v3.6.5-rc1

The ZMap team is happy to share ZLint v3.6.5-rc1.

Thank you to everyone who contributes to ZLint!

New Lints

  • e_subj_contains_html_entities Detects the presence of HTML entities (e.g. '&') in the Subject, which probably shouldn't be there
  • e_ev_invalid_orgid_reg_scheme The Registration Schemes allowed in organizationIdentifier are those listed in Appendix H
  • e_ev_extra_subject_attribs CAs SHALL NOT include any Subject Distinguished Name attributes except as specified
  • e_crl_has_authority_key_identifier The CRL must include Authority Key Identifier extension
  • e_crl_unique_revoked_certificate The CRL must not include duplicate serial numbers in its revoked certificates list
  • e_invalid_ca_certificate_policies Checks that the Policy OIDs in the CertificatePolicies extension of a SubCA certificate comply with CABF requirements

Bug Fixes

  • Corrected e_ev_extra_subject_attribs to not allow OUs

Security

  • Upgraded golang.org/x/crypto from 0.25.0 to 0.31.0 to address CVE-2024-45337

Misc

  • More clear language in CLI option descriptions.
  • An upgrade to the repository's linter.
  • Addition of the Delta CRL Indicator OID to the list of known OIDs
  • Added effective dates for CABF/BR 2.0.1 to 2.0.8
  • Typo correction in citation string for e_crl_has_authority_key_identifier
  • Updated ZCrypto to 3a86168
  • Updates to the newLint.sh helper script.
  • New repo tooling to generate test CRLs.

Changelog

  • 629cb54 Add lint to detect HTML entities in Subject attributes (#907)
  • cd73211 fix: organizationUnitName is prohibited (#903)
  • 1fccaa7 Patch for CVE CVE-2024-45337 in test CRL generation tool (#906)
  • 5c47a01 build(deps): bump golang.org/x/crypto in /v3/cmd/genTestCerts (#905)
  • cb26b9e build(deps): bump golang.org/x/crypto from 0.25.0 to 0.31.0 in /v3 (#904)
  • 0d1ece3 Add lint to check for a valid Registration Scheme in the Subject.organizationIdentifier of EV certificates (#901)
  • 82c722b Add lint to check that EV certificates contain only allowed attributes in the Subject (#902)
  • 529e5e5 Add functionality to generate CRL in asn1 encoding (#893)
  • 5807078 Fix newLint.sh CLI (#897)
  • 5534545 Linter is broken due to a broken dependency on an old Golang version (#900)
  • d0b1e1f Update to zcrypto 3a86168 (#899)
  • 989baef Correct typo in RFC section reference (#898)
  • 6ec3b31 Add lint to check Authority Key Identifier in CRL Extension (#892)
  • eba3486 Add Effective Date for recent CABFBRs (#895)
  • 84d8f29 Add Delta CRL Indicator Oid (#896)
  • 920bf49 Add Delta CRL Indicator Oid (#894)
  • 4b55d49 Add lint to check that CRL does not have duplicates in RevokedCertificates (#890)
  • d0dc117 Add lint for checking compliance with §7.1.2.10.5 of the BRs (CA Certificate Policies) (#887)
  • f1f5644 Upgrade linter to 1.61.0 and address new lints (#891)
  • 45a7d73 Improve the language on some CLI option descriptions (#886)

Full Changelog:v3.6.4...v3.6.5-rc1

Assets 7
Loading