• [Python-announce] PyCA cryptography 42.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Mon Jan 22 19:41:31 2024
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 42.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 3.7+, and PyPy3 7.3.10+.
    Changelog (https://cryptography.io/en/latest/changelog/#v42-0-0):
    * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
    * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() will
    now raise a ValueError rather than return an empty list.
    * Parsing SSH certificates no longer permits malformed critical
    options with values, as documented in the 41.0.2 release notes.
    * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
    * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
    * We now publish both py37 and py39 abi3 wheels. This should resolve
    some errors relating to initializing a module multiple times per
    process.
    * Support PSS for X.509 certificate signing requests and certificate
    revocation lists with the keyword-only argument rsa_padding on the
    sign methods for CertificateSigningRequestBuilder and CertificateRevocationListBuilder.
    * Added support for obtaining X.509 certificate signing request
    signature algorithm parameters (including PSS) via signature_algorithm_parameters().
    * Added support for obtaining X.509 certificate revocation list
    signature algorithm parameters (including PSS) via signature_algorithm_parameters().
    * Added mgf property to PSS.
    * Added algorithm and mgf properties to OAEP.
    * Added the following properties that return timezone-aware datetime
    objects: not_valid_before_utc(), not_valid_after_utc(),
    revocation_date_utc(), next_update_utc(), last_update_utc(). These are timezone-aware variants of existing properties that return naïve
    datetime objects.
    * Deprecated the following properties that return naïve datetime
    objects: not_valid_before(), not_valid_after(), revocation_date(), next_update(), last_update() in favor of the new timezone-aware
    variants mentioned above.
    * Added support for ChaCha20 on LibreSSL.
    * Added support for RSA PSS signatures in PKCS7 with add_signer().
    * In the next release (43.0.0) of cryptography, loading an X.509
    certificate with a negative serial number will raise an exception.
    This has been deprecated since 36.0.0.
    * Added support for AESGCMSIV when using OpenSSL 3.2.0+.
    * Added the X.509 path validation APIs for Certificate chains. These
    APIs should be considered unstable and not subject to our stability
    guarantees until documented as such in a future release.
    * Added support for SM4 GCM when using OpenSSL 3.0 or greater.
    -Paul Kehrer (reaperhulk)
    --- Synchronet 3.20a-Linux NewsLink 1.114