nss_3_111.rst - mozsearch

Enable keyboard shortcuts

.. _mozilla_projects_nss_nss_3_111_release_notes:

NSS 3.111 release notes

========================

`Introduction <#introduction>`__

--------------------------------

.. container::

   Network Security Services (NSS) 3.111 was released on *28 April 2025**.

`Distribution Information <#distribution_information>`__

--------------------------------------------------------

.. container::

   The HG tag is NSS_3_111_RTM. NSS 3.111 requires NSPR 4.36 or newer. The latest version of NSPR is 4.36.

   NSS 3.111 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   -  Source tarballs:

      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_111_RTM/src/

   Other releases are available :ref:`mozilla_projects_nss_releases`.

.. _changes_in_nss_3.111:

`Changes in NSS 3.111 <#changes_in_nss_3.111>`__

------------------------------------------------------------------

.. container::

   - Bug 1930806 - FIPS changes need to be upstreamed: force ems policy.

   - Bug 1957685 - Turn off Websites Trust Bit from CAs.

   - Bug 1937338 - Update nssckbi version following April 2025 Batch of Changes.

   - Bug 1943135 - Disable SMIME 'trust bit' for GoDaddy CAs.

   - Bug 1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c.

   - Bug 1954612 - Need up update NSS for PKCS 3.1.

   - Bug 1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID.

   - Bug 1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI.

   - Bug 1943962 - selfserv: Add support for zlib certificate compression.