1.. _mozilla_projects_nss_nss_3_12_3_release_notes: 2 3NSS_3.12.3_release_notes.html 4============================= 5 6.. _nss_3.12.3_release_notes: 7 8`NSS 3.12.3 Release Notes <#nss_3.12.3_release_notes>`__ 9-------------------------------------------------------- 10 11.. container:: 12 13.. _2009-04-01: 14 15`2009-04-01 <#2009-04-01>`__ 16~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 17 18.. container:: 19 20 Newsgroup: `mozilla.dev.tech.crypto <news://news.mozilla.org/mozilla.dev.tech.crypto>`__ 21 22`Contents <#contents>`__ 23~~~~~~~~~~~~~~~~~~~~~~~~ 24 25.. container:: 26 27 - `Introduction <#introduction>`__ 28 - `Distribution Information <#distribution_information>`__ 29 - `New in NSS 3.12.3 <#new_in_nss_3.12.3>`__ 30 - `Bugs Fixed <#bugs_fixed>`__ 31 - `Documentation <#documentation>`__ 32 - `Compatibility <#compatibility>`__ 33 - `Feedback <#feedback>`__ 34 35 -------------- 36 37`Introduction <#introduction>`__ 38~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 39 40.. container:: 41 42 Network Security Services (NSS) 3.12.3 is a patch release for NSS 3.12. The bug fixes in NSS 43 3.12.3 are described in the "`Bugs Fixed <#bugs_fixed>`__" section below. 44 45 NSS 3.12.3 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1. 46 47 -------------- 48 49.. _distribution_information: 50 51`Distribution Information <#distribution_information>`__ 52~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 53 54.. container:: 55 56 | The CVS tag for the NSS 3.12.3 release is NSS_3_12_3_RTM. NSS 3.12.3 requires `NSPR 57 4.7.4 <https://www.mozilla.org/projects/nspr/release-notes/nspr474.html>`__. 58 | See the `Documentation <#documentation>`__ section for the build instructions. 59 60 NSS 3.12.3 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS 61 download: 62 63 - Source tarballs: 64 https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_RTM/src/. 65 - Binary distributions: 66 https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_RTM/. Both debug and 67 optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT 68 (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.12.3 69 directory containing three subdirectories: 70 71 - include - NSS header files 72 - lib - NSS shared libraries 73 - bin - `NSS Tools <https://www.mozilla.org/projects/security/pki/nss/tools/>`__ and test 74 programs 75 76 You also need to download the NSPR 4.7.4 binary distributions to get the NSPR 4.7.4 header files 77 and shared libraries, which NSS 3.12.3 requires. NSPR 4.7.4 binary distributions are in 78 https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.7.4/. 79 80 -------------- 81 82.. _new_in_nss_3.12.3: 83 84`New in NSS 3.12.3 <#new_in_nss_3.12.3>`__ 85~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 86 87.. container:: 88 89 - Changes in behavior: 90 - In the development of NSS 3.12.3, it became necessary to change some old library behaviors due 91 to the discovery of certain vulnerabilities in the old behaviors, and to correct some errors 92 that had limited NSS's ability to interoperate with cryptographic hardware and software from 93 other sources. 94 Most of these changes should cause NO problems for NSS users, but in some cases, some 95 customers' software, hardware and/or certificates may be dependent on the old behaviors, and 96 may have difficulty with the new behaviors. In anticipation of that, the NSS team has provided 97 ways to easily cause NSS to revert to its previous behavior through the use of environment 98 variables. 99 Here is a table of the new environment variables introduced in NSS 3.12.3 and information 100 about how they affect these new behaviors. The information in this table is excerpted from 101 :ref:`mozilla_projects_nss_reference_nss_environment_variables` 102 103 +--------------------------------+--------------------------------+--------------------------------+ 104 | **Environment Variable** | **Value Type** | **Description** | 105 +--------------------------------+--------------------------------+--------------------------------+ 106 | NSRANDCOUNT | Integer | Sets the maximum number of | 107 | | (byte count) | bytes to read from the file | 108 | | | named in the environment | 109 | | | variable NSRANDFILE (see | 110 | | | below). Makes NSRANDFILE | 111 | | | usable with /dev/urandom. | 112 +--------------------------------+--------------------------------+--------------------------------+ 113 | NSS_ALLOW_WEAK_SIGNATURE_ALG | Boolean | Enables the use of MD2 and MD4 | 114 | | (any non-empty value to | hash algorithms inside | 115 | | enable) | signatures. This was allowed | 116 | | | by default before NSS 3.12.3. | 117 +--------------------------------+--------------------------------+--------------------------------+ 118 | NSS_HASH_ALG_SUPPORT | String | Specifies algorithms allowed | 119 | | | to be used in certain | 120 | | | applications, such as in | 121 | | | signatures on certificates and | 122 | | | CRLs. See documentation at | 123 | | | `this | 124 | | | link | 125 | | | <https://bugzilla.mozilla.org/ | 126 | | | show_bug.cgi?id=483113#c0>`__. | 127 +--------------------------------+--------------------------------+--------------------------------+ 128 | NSS_STRICT_NOFORK | String | It is an error to try to use a | 129 | | ("1", | PKCS#11 crypto module in a | 130 | | "DISABLED", | process before it has been | 131 | | or any other non-empty value) | initialized in that process, | 132 | | | even if the module was | 133 | | | initialized in the parent | 134 | | | process. Beginning in NSS | 135 | | | 3.12.3, Softoken will detect | 136 | | | this error. This environment | 137 | | | variable controls Softoken's | 138 | | | response to that error. | 139 | | | | 140 | | | - If set to "1" or unset, | 141 | | | Softoken will trigger an | 142 | | | assertion failure in debug | 143 | | | builds, and will report an | 144 | | | error in non-DEBUG builds. | 145 | | | - If set to "DISABLED", | 146 | | | Softoken will ignore forks, | 147 | | | and behave as it did in | 148 | | | older versions. | 149 | | | - If set to any other | 150 | | | non-empty value, Softoken | 151 | | | will report an error in | 152 | | | both DEBUG and non-DEBUG | 153 | | | builds. | 154 +--------------------------------+--------------------------------+--------------------------------+ 155 | NSS_USE_DECODED_CKA_EC_POINT | Boolean | Tells NSS to send EC key | 156 | | (any non-empty value to | points across the PKCS#11 | 157 | | enable) | interface in the non-standard | 158 | | | unencoded format that was used | 159 | | | by default before NSS 3.12.3. | 160 | | | The new key point format is a | 161 | | | DER encoded ASN.1 OCTET | 162 | | | STRING. | 163 +--------------------------------+--------------------------------+--------------------------------+ 164 | NSS_USE_SHEXP_IN_CERT_NAME | Boolean | Tells NSS to allow shell-style | 165 | | (any non-empty value to | wildcard patterns in | 166 | | enable) | certificates to match SSL | 167 | | | server host names. This | 168 | | | behavior was the default | 169 | | | before NSS 3.12.3. The new | 170 | | | behavior conforms to RFC 2818. | 171 +--------------------------------+--------------------------------+--------------------------------+ 172 173 - New Korean SEED cipher: 174 175 - New macros for SEED support: 176 177 - *in blapit.h:* 178 NSS_SEED 179 NSS_SEED_CBC 180 SEED_BLOCK_SIZE 181 SEED_KEY_LENGTH 182 *in pkcs11t.h:* 183 CKK_SEED 184 CKM_SEED_KEY_GEN 185 CKM_SEED_ECB 186 CKM_SEED_CBC 187 CKM_SEED_MAC 188 CKM_SEED_MAC_GENERAL 189 CKM_SEED_CBC_PAD 190 CKM_SEED_ECB_ENCRYPT_DATA 191 CKM_SEED_CBC_ENCRYPT_DATA 192 *in secmod.h:* 193 PUBLIC_MECH_SEED_FLAG 194 *in secmodt.h:* 195 SECMOD_SEED_FLAG 196 *in secoidt.h:* 197 SEC_OID_SEED_CBC 198 *in sslproto.h:* 199 TLS_RSA_WITH_SEED_CBC_SHA 200 *in sslt.h:* 201 ssl_calg_seed 202 203 - New structure for SEED support: 204 205 - (see blapit.h) 206 SEEDContextStr 207 SEEDContext 208 209 - New functions in the nss shared library: 210 211 - CERT_RFC1485_EscapeAndQuote (see cert.h) 212 CERT_CompareCerts (see cert.h) 213 CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h) 214 PK11_GetSymKeyHandle (see pk11pqg.h) 215 UTIL_SetForkState (see secoid.h) 216 NSS_GetAlgorithmPolicy (see secoid.h) 217 NSS_SetAlgorithmPolicy (see secoid.h) 218 219 - For the 2 functions above see also (in secoidt.h): 220 NSS_USE_ALG_IN_CERT_SIGNATURE 221 NSS_USE_ALG_IN_CMS_SIGNATURE 222 NSS_USE_ALG_RESERVED 223 224 - Support for the Watcom C compiler is removed 225 226 - The file watcomfx.h is removed. 227 228 -------------- 229 230.. _bugs_fixed: 231 232`Bugs Fixed <#bugs_fixed>`__ 233~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 234 235.. container:: 236 237 The following bugs have been fixed in NSS 3.12.3. 238 239 - `Bug 159483 <https://bugzilla.mozilla.org/show_bug.cgi?id=159483>`__: cert name matching: RFC 240 2818 vs. backwards compatibility (wildcards) 241 - `Bug 334678 <https://bugzilla.mozilla.org/show_bug.cgi?id=334678>`__: prng_fips1861.c 242 redefines the macro BSIZE on HP-UX 243 - `Bug 335016 <https://bugzilla.mozilla.org/show_bug.cgi?id=335016>`__: mpp_pprime (Miller-Rabin 244 probabilistic primality test) may choose 0 or 1 as the random integer 245 - `Bug 347037 <https://bugzilla.mozilla.org/show_bug.cgi?id=347037>`__: Make shlibsign depend on 246 the softoken only 247 - `Bug 371522 <https://bugzilla.mozilla.org/show_bug.cgi?id=371522>`__: Auto-Update of CRLs 248 stops after first update 249 - `Bug 380784 <https://bugzilla.mozilla.org/show_bug.cgi?id=380784>`__: PK11MODE in non FIPS 250 mode failed. 251 - `Bug 394077 <https://bugzilla.mozilla.org/show_bug.cgi?id=394077>`__: libpkix need to return 252 revocation status of a cert 253 - `Bug 412468 <https://bugzilla.mozilla.org/show_bug.cgi?id=412468>`__: modify certutil 254 - `Bug 417092 <https://bugzilla.mozilla.org/show_bug.cgi?id=417092>`__: Modify pkix_CertSelector 255 API to return an error if cert was rejected. 256 - `Bug 426413 <https://bugzilla.mozilla.org/show_bug.cgi?id=426413>`__: Audit messages need 257 distinct types 258 - `Bug 438870 <https://bugzilla.mozilla.org/show_bug.cgi?id=438870>`__: Free Freebl hashing code 259 of dependencies on NSPR and libUtil 260 - `Bug 439115 <https://bugzilla.mozilla.org/show_bug.cgi?id=439115>`__: DB merge allows nickname 261 conflicts in merged DB 262 - `Bug 439199 <https://bugzilla.mozilla.org/show_bug.cgi?id=439199>`__: SSE2 instructions for 263 bignum are not implemented on Windows 32-bit 264 - `Bug 441321 <https://bugzilla.mozilla.org/show_bug.cgi?id=441321>`__: Tolerate incorrect 265 encoding of DSA signatures in SSL 3.0 handshakes 266 - `Bug 444404 <https://bugzilla.mozilla.org/show_bug.cgi?id=444404>`__: libpkix reports unknown 267 issuer for nearly all certificate errors 268 - `Bug 452391 <https://bugzilla.mozilla.org/show_bug.cgi?id=452391>`__: certutil -K incorrectly 269 reports ec private key as an orphan 270 - `Bug 453234 <https://bugzilla.mozilla.org/show_bug.cgi?id=453234>`__: Support for SEED Cipher 271 Suites to TLS RFC4010 272 - `Bug 453364 <https://bugzilla.mozilla.org/show_bug.cgi?id=453364>`__: Improve PK11_CipherOp 273 error reporting (was: PK11_CreateContextBySymKey returns NULL 274 - `Bug 456406 <https://bugzilla.mozilla.org/show_bug.cgi?id=456406>`__: Slot list leaks in 275 symkeyutil 276 - `Bug 461085 <https://bugzilla.mozilla.org/show_bug.cgi?id=461085>`__: RFE: export function 277 CERT_CompareCerts 278 - `Bug 462293 <https://bugzilla.mozilla.org/show_bug.cgi?id=462293>`__: Crash on fork after 279 Softoken is dlClose'd on some Unix platforms in NSS 3.12 280 - `Bug 463342 <https://bugzilla.mozilla.org/show_bug.cgi?id=463342>`__: move some headers to 281 freebl/softoken 282 - `Bug 463452 <https://bugzilla.mozilla.org/show_bug.cgi?id=463452>`__: SQL DB creation does not 283 set files protections to 0600 284 - `Bug 463678 <https://bugzilla.mozilla.org/show_bug.cgi?id=463678>`__: Need to add RPATH to 285 64-bit libraries on HP-UX 286 - `Bug 464088 <https://bugzilla.mozilla.org/show_bug.cgi?id=464088>`__: Option to build NSS 287 without dbm (handy for WinCE) 288 - `Bug 464223 <https://bugzilla.mozilla.org/show_bug.cgi?id=464223>`__: Certutil didn't accept 289 certificate request to sign. 290 - `Bug 464406 <https://bugzilla.mozilla.org/show_bug.cgi?id=464406>`__: Fix signtool regressions 291 - `Bug 465270 <https://bugzilla.mozilla.org/show_bug.cgi?id=465270>`__: uninitialised value in 292 devutil.c::create_object() 293 - `Bug 465273 <https://bugzilla.mozilla.org/show_bug.cgi?id=465273>`__: dead assignment in 294 devutil.c::nssSlotArray_Clone() 295 - `Bug 465926 <https://bugzilla.mozilla.org/show_bug.cgi?id=465926>`__: During import of PKCS 296 #12 files 297 - `Bug 466180 <https://bugzilla.mozilla.org/show_bug.cgi?id=466180>`__: 298 SSL_ConfigMPServerSIDCache with default parameters fails on {Net 299 - `Bug 466194 <https://bugzilla.mozilla.org/show_bug.cgi?id=466194>`__: CERT_DecodeTrustString 300 should take a const char \* input trusts string. 301 - `Bug 466736 <https://bugzilla.mozilla.org/show_bug.cgi?id=466736>`__: Incorrect use of 302 NSS_USE_64 in lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c 303 - `Bug 466745 <https://bugzilla.mozilla.org/show_bug.cgi?id=466745>`__: random number generator 304 fails on windows ce 305 - `Bug 467298 <https://bugzilla.mozilla.org/show_bug.cgi?id=467298>`__: SQL DB code uses local 306 cache on local file system 307 - `Bug 468279 <https://bugzilla.mozilla.org/show_bug.cgi?id=468279>`__: softoken crash importing 308 email cert into newly upgraded DB 309 - `Bug 468532 <https://bugzilla.mozilla.org/show_bug.cgi?id=468532>`__: Trusted CA trust flags 310 not being honored in CERT_VerifyCert 311 - `Bug 469583 <https://bugzilla.mozilla.org/show_bug.cgi?id=469583>`__: Coverity: uninitialized 312 variable used in sec_pkcs5CreateAlgorithmID 313 - `Bug 469944 <https://bugzilla.mozilla.org/show_bug.cgi?id=469944>`__: when built with 314 Microsoft compilers 315 - `Bug 470351 <https://bugzilla.mozilla.org/show_bug.cgi?id=470351>`__: crlutil build fails on 316 Windows because it calls undeclared isatty 317 - `Bug 471539 <https://bugzilla.mozilla.org/show_bug.cgi?id=471539>`__: Stop honoring digital 318 signatures in certificates and CRLs based on weak hashes 319 - `Bug 471665 <https://bugzilla.mozilla.org/show_bug.cgi?id=471665>`__: NSS reports incorrect 320 sizes for (AES) symmetric keys 321 - `Bug 471715 <https://bugzilla.mozilla.org/show_bug.cgi?id=471715>`__: Add cert to nssckbi to 322 override rogue md5-collision CA cert 323 - `Bug 472291 <https://bugzilla.mozilla.org/show_bug.cgi?id=472291>`__: crash in libpkix object 324 leak tests due to null pointer dereferencing in pkix_build.c:3218. 325 - `Bug 472319 <https://bugzilla.mozilla.org/show_bug.cgi?id=472319>`__: Vfychain validates chain 326 even if revoked certificate. 327 - `Bug 472749 <https://bugzilla.mozilla.org/show_bug.cgi?id=472749>`__: Softoken permits AES 328 keys of ANY LENGTH to be created 329 - `Bug 473147 <https://bugzilla.mozilla.org/show_bug.cgi?id=473147>`__: pk11mode tests fails on 330 AIX when using shareable DBs. 331 - `Bug 473357 <https://bugzilla.mozilla.org/show_bug.cgi?id=473357>`__: ssltap incorrectly 332 parses handshake messages that span record boundaries 333 - `Bug 473365 <https://bugzilla.mozilla.org/show_bug.cgi?id=473365>`__: Incompatible argument in 334 pkix_validate.c. 335 - `Bug 473505 <https://bugzilla.mozilla.org/show_bug.cgi?id=473505>`__: softoken's C_Initialize 336 and C_Finalize should succeed after a fork in a child process 337 - `Bug 473944 <https://bugzilla.mozilla.org/show_bug.cgi?id=473944>`__: Trust anchor is not 338 trusted when requireFreshInfo flag is set. 339 - `Bug 474532 <https://bugzilla.mozilla.org/show_bug.cgi?id=474532>`__: Softoken cannot import 340 certs with empty subjects and non-empty nicknames 341 - `Bug 474777 <https://bugzilla.mozilla.org/show_bug.cgi?id=474777>`__: Wrong deallocation when 342 modifying CRL. 343 - `Bug 476126 <https://bugzilla.mozilla.org/show_bug.cgi?id=476126>`__: CERT_AsciiToName fails 344 when AVAs in an RDN are separated by '+' 345 - `Bug 477186 <https://bugzilla.mozilla.org/show_bug.cgi?id=477186>`__: Infinite loop in 346 CERT_GetCertChainFromCert 347 - `Bug 477777 <https://bugzilla.mozilla.org/show_bug.cgi?id=477777>`__: Selfserv crashed in 348 client/server tests. 349 - `Bug 478171 <https://bugzilla.mozilla.org/show_bug.cgi?id=478171>`__: Consolidate the 350 coreconf/XXX.mk files for Windows 351 - `Bug 478563 <https://bugzilla.mozilla.org/show_bug.cgi?id=478563>`__: Add \_MSC_VER (the cl 352 version) to coreconf. 353 - `Bug 478724 <https://bugzilla.mozilla.org/show_bug.cgi?id=478724>`__: NSS build fails on 354 Windows since 20090213.1 nightly build. 355 - `Bug 478931 <https://bugzilla.mozilla.org/show_bug.cgi?id=478931>`__: object leak in 356 pkix_List_MergeLists function 357 - `Bug 478994 <https://bugzilla.mozilla.org/show_bug.cgi?id=478994>`__: Allow Softoken's fork 358 check to be disabled 359 - `Bug 479029 <https://bugzilla.mozilla.org/show_bug.cgi?id=479029>`__: OCSP Response signature 360 cert found invalid if issuer is trusted only for SSL 361 - `Bug 479601 <https://bugzilla.mozilla.org/show_bug.cgi?id=479601>`__: Wrong type (UTF8 String) 362 for email addresses in subject by CERT_AsciiToName 363 - `Bug 480142 <https://bugzilla.mozilla.org/show_bug.cgi?id=480142>`__: Use sizeof on the 364 correct type of ckc_x509 in lib/ckfw 365 - `Bug 480257 <https://bugzilla.mozilla.org/show_bug.cgi?id=480257>`__: OCSP fails when response 366 > 1K Byte 367 - `Bug 480280 <https://bugzilla.mozilla.org/show_bug.cgi?id=480280>`__: The CKA_EC_POINT PKCS#11 368 attribute is encoded in the wrong way: missing encapsulating octet string 369 - `Bug 480442 <https://bugzilla.mozilla.org/show_bug.cgi?id=480442>`__: Remove (empty) 370 watcomfx.h from nss 371 - `Bug 481216 <https://bugzilla.mozilla.org/show_bug.cgi?id=481216>`__: Fix specific spelling 372 errors in NSS 373 - `Bug 482702 <https://bugzilla.mozilla.org/show_bug.cgi?id=482702>`__: OCSP test with revoked 374 CA cert validated as good. 375 - `Bug 483113 <https://bugzilla.mozilla.org/show_bug.cgi?id=483113>`__: add environment variable 376 to disable/enable hash algorithms in cert/CRL signatures 377 - `Bug 483168 <https://bugzilla.mozilla.org/show_bug.cgi?id=483168>`__: NSS Callback API for 378 looking up a default OCSP Responder URL 379 - `Bug 483963 <https://bugzilla.mozilla.org/show_bug.cgi?id=483963>`__: Assertion failure in 380 OCSP tests. 381 - `Bug 484425 <https://bugzilla.mozilla.org/show_bug.cgi?id=484425>`__: Need accessor function 382 to retrieve SymKey handle 383 - `Bug 484466 <https://bugzilla.mozilla.org/show_bug.cgi?id=484466>`__: sec_error_invalid_args 384 with NSS_ENABLE_PKIX_VERIFY=1 385 - `Bug 485127 <https://bugzilla.mozilla.org/show_bug.cgi?id=485127>`__: bltest crashes when 386 attempting rc5_cbc or rc5_ecb 387 - `Bug 485140 <https://bugzilla.mozilla.org/show_bug.cgi?id=485140>`__: Wrong command line flags 388 used to build intel-aes.s with Solaris gas for x86_64 389 - `Bug 485370 <https://bugzilla.mozilla.org/show_bug.cgi?id=485370>`__: crash 390 - `Bug 485713 <https://bugzilla.mozilla.org/show_bug.cgi?id=485713>`__: Files added by Red Hat 391 recently have missing texts in license headers. 392 - `Bug 485729 <https://bugzilla.mozilla.org/show_bug.cgi?id=485729>`__: Remove 393 lib/freebl/mapfile.Solaris 394 - `Bug 485837 <https://bugzilla.mozilla.org/show_bug.cgi?id=485837>`__: vc90.pdb files are 395 output in source directory instead of OBJDIR 396 - `Bug 486060 <https://bugzilla.mozilla.org/show_bug.cgi?id=486060>`__: sec_asn1d_parse_leaf 397 uses argument uninitialized by caller pbe_PK11AlgidToParam 398 399 -------------- 400 401`Documentation <#documentation>`__ 402~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 403 404.. container:: 405 406 For a list of the primary NSS documentation pages on mozilla.org, see `NSS 407 Documentation <../index.html#Documentation>`__. New and revised documents available since the 408 release of NSS 3.11 include the following: 409 410 - `Build Instructions for NSS 3.11.4 and above <../nss-3.11.4/nss-3.11.4-build.html>`__ 411 - `NSS Shared DB <http://wiki.mozilla.org/NSS_Shared_DB>`__ 412 413 -------------- 414 415`Compatibility <#compatibility>`__ 416~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 417 418.. container:: 419 420 NSS 3.12.3 shared libraries are backward compatible with all older NSS 3.x shared libraries. A 421 program linked with older NSS 3.x shared libraries will work with NSS 3.12.3 shared libraries 422 without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs 423 to the functions listed in `NSS Public Functions <../ref/nssfunctions.html>`__ will remain 424 compatible with future versions of the NSS shared libraries. 425 426 -------------- 427 428`Feedback <#feedback>`__ 429~~~~~~~~~~~~~~~~~~~~~~~~ 430 431.. container:: 432 433 | Bugs discovered should be reported by filing a bug report with `mozilla.org 434 Bugzilla <https://bugzilla.mozilla.org/>`__ (product NSS).