Release notes for 0.12.0 release

Signed-off-by: Douglas Stebila <[email protected]>
open-quantum-safe · Dec 6, 2024 · a7251c2 · a7251c2
1 parent d0d0413
commit a7251c2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -43,7 +43,7 @@ set(CMAKE_C_VISIBILITY_PRESET hidden)
 set(OQS_VERSION_MAJOR 0)
 set(OQS_VERSION_MINOR 12)
 set(OQS_VERSION_PATCH 0)
-set(OQS_VERSION_PRE_RELEASE "-rc1")
+set(OQS_VERSION_PRE_RELEASE "")
 set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")

diff --git a/RELEASE.md b/RELEASE.md
@@ -1,5 +1,5 @@
-liboqs version 0.12.0-rc1
-=========================
+liboqs version 0.12.0
+=====================
 
 About
 -----
@@ -27,7 +27,7 @@ liboqs can also be used in the following programming languages via language-spec
 Release notes
 =============
 
-This is release candidate 1 for version 0.12.0 of liboqs. It was released on November 29, 2024.
+This is version 0.12.0 of liboqs. It was released on December 6, 2024.
 
 This release updates the ML-DSA implementation to the [final FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.
 
@@ -38,14 +38,19 @@ This will be the last release of liboqs to include Kyber (that is, the NIST Roun
 
 The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at https://github.com/open-quantum-safe/liboqs/issues/2001.
 
+Security issues
+===============
+
+- CVE-2024-54137: Fixed bug in decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
+
 What's New
 ----------
 
 This release continues from the 0.11.0 release of liboqs.
 
 ### Key encapsulation mechanisms
 
-- HQC: Fixed correctness bug in decapsulation. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
+- HQC: Fixed bug in decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
 - Kyber: This is the last release of liboqs to include Kyber.
 - ML-KEM: Improved testing of ML-KEM.