Release: v1.5.12

Weekly release for February 10 2025

Release summary

• Fix the improper calculation of session ticket lifetime.
• Adds support for consuming s2n-tls from CMake FetchContent with interning enabled.
• Adds a new Security Policy deprecation mechanism, and deprecate the SIKE PQ Security Policies.

What's Changed

• fix(bindings): Specify correct minimum versions by @goatgoose in #5028
• ci: add timeout for cbmc proof by @boquan-fang in #5038
• test: add sslv2 client hello test w/ jvm by @jmayclin in #5019
• docs: add C / s2n-tls-sys doc references to s2n-tls docs by @lrstewart in #5012
• Add Security Policy Deprecation API by @alexw91 in #5034
• ci: add openssl-3.0-fips builds by @lrstewart in #5037
• fix: initial config should not influence sslv2 by @jmayclin in #4987
• chore: bindings release for 0.3.10 by @boquan-fang in #5046
• chore: bump osx Openssl to latest by @dougch in #5041
• chore: fix typos by @jmayclin in #5052
• build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0 in /.github/workflows in the all-gha-updates group by @dependabot in #5053
• ci: pin duvet version by @lrstewart in #5057
• refactor: remove openssl-1.0.2-fips 'allow md5' logic by @lrstewart in #5048
• ci: Adding integ tests back to integv2 by @maddeleine in #5054
• refactor: cleanup CBMC proofs after #5048 by @lrstewart in #5058
• feat(bench): impl into for base config type by @jmayclin in #5056
• Revert "ci: remove openssl-1.0.2-fips builds (#4995)" by @lrstewart in #5060
• ci: change rust-toolchain format to toml by @CarolYeh910 in #5070
• ci: Emit benchmark metrics from scheduled runs by @goatgoose in #5064
• fix(bindings): prevent temp connection free after panic by @jmayclin in #5067
• docs(integv2): add architecture diagram by @jmayclin in #5072
• docs(s2n-tls-hyper): Add hyper client/server example by @goatgoose in #5069
• ci: fix dependabot, commit & check Cargo.toml by @CarolYeh910 in #5065
• fix(integration): Update PQ integration test expectations by @goatgoose in #5082
• fix: add support for S2N_INTERN_LIBCRYPTO with FetchContent by @kou in #5076
• fix: calculation of session ticket age by @boquan-fang in #5001
• fix: error for uninit psk, check for all-zero psk by @jmayclin in #5084
• fix: don't use DEPENDS with add_custom_command(TARGET) by @kou in #5074
• fix(ci): Allow validate_start_codebuild to run on pushes to main by @goatgoose in #5080

New Contributors

• @kou made their first contribution in #5076

Full Changelog: v1.5.11...v1.5.12