[openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

Joe Flowers joe.flowers at nofreewill.com
Tue Jan 12 22:43:58 UTC 2016


Hello OpenSSL Developers,


I understand through your previous announcements that OpenSSL 0.9.8 is
no longer "supported", and no more "security fixes", nor "security
updates" will be provided by OpenSSL.org.


Does this mean that we can expect no more CVEs to be generated or
listed for OpenSSL 0.9.8 also?


Thanks!

Joe


------------------------

"NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE

0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS."


"As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade."


per http://openssl.org/news/secadv/20151203.txt.

-------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160112/e7f41d12/attachment.html>


More information about the openssl-users mailing list