.. _mozilla_projects_nss_nss_3_111_release_notes:

NSS 3.111 release notes
========================

`Introduction <#introduction>`__
--------------------------------

.. container::

   Network Security Services (NSS) 3.111 was released on *28 April 2025**.

`Distribution Information <#distribution_information>`__
--------------------------------------------------------

.. container::

   The HG tag is NSS_3_111_RTM. NSS 3.111 requires NSPR 4.36 or newer. The latest version of NSPR is 4.36.

   NSS 3.111 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   -  Source tarballs:
      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_111_RTM/src/

   Other releases are available :ref:`mozilla_projects_nss_releases`.

.. _changes_in_nss_3.111:

`Changes in NSS 3.111 <#changes_in_nss_3.111>`__
------------------------------------------------------------------

.. container::

   - Bug 1930806 - FIPS changes need to be upstreamed: force ems policy.
   - Bug 1957685 - Turn off Websites Trust Bit from CAs.
   - Bug 1937338 - Update nssckbi version following April 2025 Batch of Changes.
   - Bug 1943135 - Disable SMIME 'trust bit' for GoDaddy CAs.
   - Bug 1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c.
   - Bug 1954612 - Need up update NSS for PKCS 3.1.
   - Bug 1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID.
   - Bug 1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI.
   - Bug 1943962 - selfserv: Add support for zlib certificate compression.