PyCA cryptography 3.2 released

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

PyCA cryptography 3.2 released

Paul Kehrer
PyCA cryptography 3.2 has been released to PyPI. cryptography includes both
high level recipes and low level interfaces to common cryptographic
algorithms such as symmetric ciphers, asymmetric algorithms, message
digests, X509, key derivation functions, and much more. We support Python
2.7, Python 3.5+, and PyPy.

Changelog (https://cryptography.io/en/latest/changelog/):
* SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant
time, to protect against Bleichenbacher vulnerabilities. Due to limitations
imposed by our API, we cannot completely mitigate this vulnerability and a
future release will contain a new API which is designed to be resilient to
these for contexts where it is required. Credit to Hubert Kario for
reporting the issue. CVE-2020-25659
* Support for OpenSSL 1.0.2 has been removed. Users on older versions of
OpenSSL will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via
PKCS7SignatureBuilder.

-Paul Kehrer (reaperhulk)
_______________________________________________
Python-announce-list mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
https://mail.python.org/mailman3/lists/python-announce-list.python.org/
Member address: [hidden email]