Skip to content

v3.6.6

Choose a tag to compare

View all tags
@github-actions github-actions released this 26 Apr 14:42
· 68 commits to master since this release
v3.6.6
This tag was signed with the committer’s verified signature. The key has expired.
christopher-henderson Christopher Henderson
GPG key ID: 2632D36B664B36BC
Expired
Verified
Learn about vigilant mode.
c2d9286
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

ZLint v3.6.6

The ZMap team is happy to share ZLint v3.6.6.

Thank you to everyone who contributes to ZLint!

New Feature

  • Preliminary support for OCSP response linting via the library usage of ZLint

New Lints

  • e_crl_next_update_invalid, For CRLs covering (EE|CA) certificates, nextUpdate must be at most (10 days|12 months) beyond thisUpdate
  • e_qcstatem_qctype_smime, Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least one of the types IdEtsiQcsQctEsign or IdEtsiQcsQctEseal, in case of an S/MIME certificate
  • e_utf8_latin1_mixup, Checks for wrongly encoded diacritics due to UTF-8 mistaken for Latin-1

Bug Fixes

  • Panics from individual lints no longer impact the execution of other lints
  • Corrected an issue in e_ev_extra_subject_attribs wherein OU was incorrectly marked as forbidden
  • Corrected an issue with not all lint sources being considered correctly during filtering
  • Corrected citation e_this_update_not_after_produced_at

Security

  • Upgraded golang.org/x/net from 0.33.0 to 0.37.0 to address CVE-2025-22870
  • Upgraded golang.org/x/net from 0.37.0 to 0.38.0 to address CVE-2025-22872

Changelog

  • c2d9286 Fix reference and description of OCSP lint (#937)
  • b60a4b1 build(deps): bump golang.org/x/net in /v3/cmd/gen_test_crl (#939)
  • d163497 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /v3 (#936)
  • e8d0409 Corrected an issue with not all lint sources being considered correctly during filtering (#934)
  • 80afcba Framework for linting OSCP responses (#917)
  • 7a0479c Add lint to detect wrongly encoded diacritics due to UTF-8 mistaken for Latin-1 (#931)
  • f68dfde Patch golang.org/x/net for CVE-2025-22870 (#928)
  • 3cc488f Update README.md (#926)
  • 900a4d0 Fix the linter (#929)
  • 502f687 Qc type web also smime (#919)
  • 7f772fd Updating actions/cache to v4 to fix integration tests (#927)
  • 59fffe7 util: gtld_map autopull updates for 2025-02-28T00:33:21 UTC (#920)
  • a2721f2 Add lint to check CRLs for a valid nextUpdate as per CABF BRs (#916)
  • f8bbdec OU (2.5.4.11) is incorrectly omitted from the allow list in e_ev_extra_subject_attribs (#915)
  • 62639df Panics should not prevent other lints from running (#914)
  • 32cb0bf Update README.md (#909)

Full Changelog:v3.6.5...v3.6.6

Assets 7
Loading