| .. _mozilla_projects_nss_nss_3_76_1_release_notes: |
| |
| NSS 3.76.1 release notes |
| ====================== |
| |
| `Introduction <#introduction>`__ |
| -------------------------------- |
| |
| .. container:: |
| |
| Network Security Services (NSS) 3.76.1 was released on **28 March 2022**. |
| |
| .. _distribution_information: |
| |
| `Distribution Information <#distribution_information>`__ |
| -------------------------------------------------------- |
| |
| .. container:: |
| |
| The HG tag is NSS_3_76_1_RTM. NSS 3.76.1 requires NSPR 4.32 or newer. |
| |
| NSS 3.76.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: |
| |
| - Source tarballs: |
| https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_1_RTM/src/ |
| |
| Other releases are available :ref:`mozilla_projects_nss_releases`. |
| |
| .. _changes_in_nss_3.76.1: |
| |
| `Changes in NSS 3.76.1 <#changes_in_nss_3.76.1>`__ |
| ---------------------------------------------------- |
| |
| .. container:: |
| |
| - Bug 1756271 - Remove token member from NSSSlot struct. |
| |
| |
| `Compatibility <#compatibility>`__ |
| ---------------------------------- |
| |
| .. container:: |
| |
| NSS 3.76.1 shared libraries are backwards-compatible with all older NSS 3.x shared |
| libraries. A program linked with older NSS 3.x shared libraries will work with |
| this new version of the shared libraries without recompiling or |
| relinking. Furthermore, applications that restrict their use of NSS APIs to the |
| functions listed in NSS Public Functions will remain compatible with future |
| versions of the NSS shared libraries. |
| |
| `Feedback <#feedback>`__ |
| ------------------------ |
| |
| .. container:: |
| |
| Bugs discovered should be reported by filing a bug report on |
| `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). |
| |
| `Notes <#notes>`__ |
| ------------------ |
| |
| .. container:: |
| |
| This release improves the stability of NSS when used in a multi-threaded |
| environment. In particular, it fixes memory safety violations that can occur |
| when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume |
| that with enough effort these memory safety violations are exploitable. |
| |