git.ipfire.org Git - thirdparty/openssl.git/commitdiff
CHANGES.md / NEWS.md fixups ahead of release
author Neil Horman <nhorman@openssl.org>
Tue, 1 Jul 2025 11:21:56 +0000 (07:21 -0400)
committer Matt Caswell <matt@openssl.org>
Tue, 1 Jul 2025 11:30:19 +0000 (12:30 +0100)
Release: yes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27927)

(cherry picked from commit f6c400f4ccaf6b36f5430aa3f6c94b704e335738)

CHANGES.md
NEWS.md

index d5a2165a3f324f7f14ed542e21fbac70dac1372e..53c442d6fa0d94a69108d36ddf3ad1b99ece3eaf 100644 (file)
@@ -30,6 +30,18 @@ OpenSSL 3.5
 
 ### Changes between 3.5.0 and 3.5.1 [xx XXX xxxx]
 
+ * Fix x509 application adds trusted use instead of rejected use.
+
+   Issue summary: Use of -addreject option with the openssl x509 application adds
+   a trusted use instead of a rejected use for a certificate.
+
+   Impact summary: If a user intends to make a trusted certificate rejected for
+   a particular use it will be instead marked as trusted for that use.
+
+   ([CVE-2025-4575])
+
+   *Tomas Mraz*
+
  * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
    alert being received. Older versions of OpenSSL failed with DTLS if a
    no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
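Review bot: The entry title on the first added line, "Fix x509 application adds trusted use instead of rejected use.", runs two clauses together and does not name the option involved, so a reader scanning CHANGES.md cannot tell from the title alone that only -addreject is affected. Something like "Fixed the x509 application adding a trusted use instead of a rejected use when -addreject is given" parses cleanly. The "Issue summary:" line also runs just past 80 columns, unlike the other lines in this hunk, and the option name would read better in backticks as `-addreject`.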
@@ -21215,6 +21227,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
diff --git a/NEWS.md b/NEWS.md
index e8484daf74193a77e27e7f8ea38f9457d16fa4f1..ce2309de1dfb5d125d81a2a196907e7a2b1421d2 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -25,7 +25,13 @@ OpenSSL 3.5
 
 ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [under development]
 
-  * none
+OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fix x509 application adds trusted use instead of rejected use.
+   ([CVE-2025-4575])
 
 ### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
 
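Review bot: In the added bullet, the continuation line "   ([CVE-2025-4575])" is indented three spaces while the bullet text after "  * " starts one column further right, so the CVE reference does not line up with the text it continues; indent it by four spaces. The section heading in the context above still reads "[under development]", so it is worth confirming that the release date is filled in by a later step.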
@@ -1893,7 +1899,7 @@ OpenSSL 0.9.x
   * Support for various new platforms
 
 <!-- Links -->
-
+[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
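Review bot: The blank line after "<!-- Links -->" is replaced by the new link definition here, whereas the matching change in CHANGES.md keeps the blank line and adds the definition below it. Add the "[CVE-2025-4575]: ..." line without removing the blank line so that both files keep the same layout for the links block.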