summary refs log tree commit diff
path: root/crypto/Readme.html
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2015-12-28 21:34:07 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-12-28 21:34:07 +0700
commit4a87b839681c95a5fbe43ed6ce65fa069a942586 (patch)
tree8b2e5e82d24d1dfc0c9385af1ea06c3989775d01 /crypto/Readme.html
parentAdd a couple more OIDs (diff)
downloadBouncyCastle.NET-ed25519-4a87b839681c95a5fbe43ed6ce65fa069a942586.tar.xz
Update versions and release notes for release 1.8.1 release-1.8.1
Diffstat (limited to 'crypto/Readme.html')
-rw-r--r--crypto/Readme.html42
1 files changed, 36 insertions, 6 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index 67116c815..d5cda3032 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -31,6 +31,8 @@
 				<a href="#mozTocId3413">Notes:</a>
 		<ol>
             <li>
+                <a href="#mozTocId85315">Release 1.8.1</a>
+            <li>
                 <a href="#mozTocId85314">Release 1.8.0</a>
             <li>
 				<a href="#mozTocId85313">Release 1.7</a>
@@ -288,6 +290,38 @@ We state, where EC MQV has not otherwise been disabled or removed:
 		<hr style="WIDTH: 100%; HEIGHT: 2px">
 		<h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
 
+        <h4><a class="mozTocH4" name="mozTocId85315"></a>Release 1.8.1, Monday December 28, 2015</h4>
+
+        <h5>Security Advisory</h5>
+        <ul>
+            <li>
+                (D)TLS 1.2: Motivated by <a href="https://www.google.com/search?q=CVE-2015-7575">CVE-2015-7575</a>, we have added validation that
+                the signature algorithm received in DigitallySigned structures is actually one of those offered (in signature_algorithms extension
+                or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier
+                releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are
+                advised to double-check that they are not offering any signature algorithms involving MD5.
+            </li>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>Added support for ASN.1 GraphicString and VideotexString types.</li>
+            <li>
+                Problems with DTLS record-layer version handling were resolved via <a href="http://www.bouncycastle.org/jira/browse/BJA-584">BJA-584</a>,
+                making version negotiation work properly.
+            </li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See list of resolved issues at
+                <a href="http://www.bouncycastle.org/jira/secure/ReleaseNote.jspa?projectId=10001&version=10510">Bouncy Castle JIRA C# 1.8.1</a>.
+            </li>
+            <li>
+                See the (cumulative) list of GitHub pull requests that we have accepted at
+                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
+            </li>
+        </ul>
+
         <h4><a class="mozTocH4" name="mozTocId85314"></a>Release 1.8.0, Sunday November 22, 2015</h4>
 
         <h5>IMPORTANT</h5>
@@ -348,15 +382,11 @@ We state, where EC MQV has not otherwise been disabled or removed:
         <ul>
             <li>
                 See list of resolved issues at
-                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&mode=hide&jqlQuery=project+%3D+BMA+AND+fixVersion+%3D+1.8.0">
-                    Bouncy Castle JIRA C# 1.8.0
-                </a>
+                <a href="http://www.bouncycastle.org/jira/secure/ReleaseNote.jspa?projectId=10001&version=10170">Bouncy Castle JIRA C# 1.8.0</a>.
             </li>
             <li>
                 See the (cumulative) list of GitHub pull requests that we have accepted at
-                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">
-                    bcgit/bc-csharp    
-                </a>
+                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
             </li>
         </ul>