Bump version to 0.11.3

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2026-02-11 18:50:28 +09:00 · 2025-08-14 10:49:11 +02:00
parent c182a21e11
commit 301d0e16df
4 changed files with 457 additions and 3 deletions
--- a/9
+++ b/9
@@ -1,6 +1,15 @@
 CHANGELOG
 =========

+version 0.11.3 (released 2025-09-09)
+ * Security:
+   * CVE-2025-8114: Fix NULL pointer dereference after allocation failure
+   * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX
+   * Potential UAF when send() fails during key exchange
+ * Fix possible timeout during KEX if client sends authentication too early (#311)
+ * Cleanup OpenSSL PKCS#11 provider when loaded
+ * Zeroize buffers containing private key blobs during export
+
 version 0.11.2 (released 2025-06-24)
 * Security:
   * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion