From Newsgroup: comp.lang.python.announce
PyCA cryptography 49.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.9+, and PyPy3 3.11.
Changelog (https://cryptography.io/en/latest/changelog/#v49-0-0)
* BACKWARDS INCOMPATIBLE: Support for x86_64 macOS has been removed. We now only publish arm64 wheels for macOS.
* BACKWARDS INCOMPATIBLE: Support for 32-bit Windows has been removed. Users should move to a 64-bit Python installation.
* BACKWARDS INCOMPATIBLE: Removed the deprecated PUBLIC_KEY_TYPES, PRIVATE_KEY_TYPES, CERTIFICATE_PRIVATE_KEY_TYPES, CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, and CERTIFICATE_PUBLIC_KEY_TYPES type aliases. Use PublicKeyTypes, PrivateKeyTypes, CertificateIssuerPrivateKeyTypes, CertificateIssuerPublicKeyTypes, and CertificatePublicKeyTypes instead. These were deprecated in version 40.0.
* BACKWARDS INCOMPATIBLE: ChaCha20 now treats the first 4 bytes of the nonce as a 32-bit little-endian block counter (as defined in RFC 7539) and tracks the number of bytes processed. Attempting to encrypt or decrypt more data than the counter allows before it would overflow now raises a ValueError rather than silently diverging from RFC 7539. Setting the counter portion of the nonce to zero allows encrypting up to 256 GiB with a given nonce.
* BACKWARDS INCOMPATIBLE: Loading an X.509 certificate whose ECDSA or DSA signature AlgorithmIdentifier contains encoded NULL parameters now raises a ValueError. Such certificates are invalid, but older versions of Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when PYO3_CROSS_LIB_DIR is set. The build now derives the Python include directory from PYO3_CROSS_LIB_DIR instead of querying the host interpreter, which previously caused the build to fail during cross-compilations for embedded systems, on hosts which have same-version Python development headers installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate signing requests, and certificate revocation lists with ML-DSA signing keys, as well as loading certificates that contain ML-DSA public keys.
* Added enc_length() to KEM so callers can split the encapsulated key from the ciphertext returned by encrypt().
* require_present(), may_be_present(), and require_not_present() now accept any extension type. Previously only a fixed set of extension types was supported, which made it impossible to account for otherwise unrecognized critical extensions during path validation.
* Added support for using Certificate, CertificateSigningRequest, and CertificateRevocationList as field types in ASN.1 structures.
* Added value_set(), a class decorator that registers an enum.Enum subclass as an ASN.1 value set: members are encoded as their underlying value, and decoding fails if the decoded value does not match one of the declared members.
* Added from_bytes() for parsing a Name from DER bytes, the inverse of public_bytes().
* Added the rsa_padding keyword-only parameter to public_key(). Passing the PSS class (not an instance) encodes an RSA subject public key in the certificate’s subjectPublicKeyInfo with the id-RSASSA-PSS OID and no parameters.
* Added external mu (message representative) support to ML-DSA signing via the sign_mu and verify_mu methods, which sign and verify a precomputed 64-byte mu as defined in FIPS 204.
-Paul Kehrer (reaperhulk)
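
The counter layout from the ChaCha20 changelog entry above, as an added example that is not code from the cryptography project: it splits the 16-byte nonce into the little-endian block counter and the 12-byte nonce, and models how many bytes fit before the counter would overflow. All helper names and the CounterBudget class are hypothetical; the assumed budget is (2^32 - counter) blocks of 64 bytes, which gives the 256 GiB stated for a zero counter.

```python
import struct

BLOCK_BYTES = 64          # ChaCha20 emits keystream in 64-byte blocks
COUNTER_LIMIT = 1 << 32   # 32-bit block counter (RFC 7539)


def split_nonce(nonce16: bytes):
    """Split the 16-byte ChaCha20 nonce into (block counter, 12-byte nonce)."""
    if len(nonce16) != 16:
        raise ValueError("expected a 16-byte nonce")
    (counter,) = struct.unpack("<I", nonce16[:4])  # first 4 bytes, little-endian
    return counter, nonce16[4:]


def build_nonce(counter: int, nonce12: bytes) -> bytes:
    """Assemble the 16-byte value from an explicit counter and 12-byte nonce."""
    if not 0 <= counter < COUNTER_LIMIT:
        raise ValueError("counter must fit in 32 bits")
    if len(nonce12) != 12:
        raise ValueError("expected a 12-byte nonce")
    return struct.pack("<I", counter) + nonce12


def capacity_bytes(nonce16: bytes) -> int:
    """Bytes that can be processed before the counter would overflow (assumed model)."""
    counter, _ = split_nonce(nonce16)
    return (COUNTER_LIMIT - counter) * BLOCK_BYTES


class CounterBudget:
    """Hypothetical pre-flight model of the byte tracking the entry describes."""

    def __init__(self, nonce16: bytes):
        self.remaining = capacity_bytes(nonce16)

    def consume(self, nbytes: int) -> int:
        # Refuse data that would push the block counter past 2**32 - 1.
        if nbytes > self.remaining:
            raise ValueError("ChaCha20 block counter would overflow")
        self.remaining -= nbytes
        return self.remaining


if __name__ == "__main__":
    zero = build_nonce(0, bytes(12))            # constructed sample values
    high = build_nonce(0xFFFFFFFE, bytes(12))   # e.g. a random 16-byte nonce
    print(capacity_bytes(zero) // 2**30, "GiB with a zero counter")
    print(capacity_bytes(high), "bytes with counter 0xFFFFFFFE")
```

Code that fills all 16 bytes with random data also randomizes the counter, so the available budget varies per nonce; building the value with an explicit zero counter gives the full 256 GiB.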