Minimal 3.7.1 ChangeLog

1 files changed, 27 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 1a8bb80..4fe0e02 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,33 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+3.7.1 - Development release
+
+        * Internal improvements
+          - Initial overhaul of the BIGNUM code:
+            - Added a new framework that allows architecture-dependent
+              replacement implementations for bignum primitives
+            - Imported s2n-bignum's constant time assembly primitives.
+              Use them for amd64 and arm64.
+            - Lots of cleanup, simplification and bug fixes
+          - Assorted initial cleanup in the EC code
+          - Fixed Perl assembly generators to move constants into .rodata.
+            This allows code to run with execute-only permissions
+        * Bug fixes
+          - Fixed a memory leak, a double free and various other issues in
+            BIO_new_NDEF()
+          - Avoid infinite loops in DSA and ECDSA signing
+          - Check DSA parameter sanity
+          - Fixed various crashes in the openssl(1) testing utility
+          - Do not check policies by default in the new X.509 verifier
+        * Public API:
+          - added EVP_CIPHER_meth_* support (only setters)
+          - UI_null(), X509_CRL_get0_tbs_sigalg(), X509_STORE_*check_issued(),
+            X509_get0_uids()
+        * Security fix
+          - A malicious certificate revocation list or timestamp response token
+            would allow an attacker to read arbitrary memory.
+
 3.7.0 - Development release
 
         * Internal improvements