diff options
author | Pauli <pauli@openssl.org> | 2023-03-15 14:29:22 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-22 11:42:30 +1100 |
commit | fa425f20955c7948faed27f69ae4544f89c108ea (patch) | |
tree | 759765e27ec1ca6f07b9c9384ea2057280fa0973 /CHANGES | |
parent | b44a67c6132754adc256290d0267c1e82994ac94 (diff) |
changes: note about policy tree size limits and circumvention
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20569)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -9,7 +9,13 @@ Changes between 1.1.1t and 1.1.1u [xx XXX xxxx] - *) + *) Limited the number of nodes created in a policy tree to mitigate + against CVE-2023-0464. The default limit is set to 1000 nodes, which + should be sufficient for most installations. If required, the limit + can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build + time define to a desired maximum number of nodes or zero to allow + unlimited growth. + [Paul Dale] Changes between 1.1.1s and 1.1.1t [7 Feb 2023] |