This blog post continues from the previous blog post, What the DigiNotar security breach means for Qt users.
Contrary to an earlier DigiNotar statement, possibly all DigiNotar intermediate certificates are affected by the attack; this means that blacklisting only the DigiNotar root certificate is not enough. Since some of those intermediates are cross-signed, i.e. their trust does not ultimately rely on the DigiNotar root certificate, they need to be blacklisted.
Below are patches provided that blacklist all DigiNotar intermediates and root certificates.
(or if the patch for blacklisting the fraudulent Comodo certificates has been applied to earlier versions (see the blog post on the Comodo attack):
All upcoming Qt versions, including 4.8 and 5, will contain a fix for the problem already (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet).
Thanks to Rich Moore from KDE for cross-reading this post.
Download the latest release here: www.qt.io/download.
Qt 5.12 was developed with a strong focus on quality and is a long-term-supported (LTS) release that will be supported for 3 years.
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Näytä tämä julkaisu Instagramissa.
Want to build something for tomorrow, join #QtPeople today! We have loads of cool jobs you don’t want to miss! http://qt.io/careers #builtwithQt #software #developers #coding #framework #tool #tooling #C++ #QML #engineers #sales #tech #technology #UI #UX #CX #Qt #Qtdev #global #openpositions #careers #job
Henkilön Qt (@theqtcompany) jakama julkaisu