[openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

Joe Flowers flowers.joseph at gmail.com
Tue Jan 12 23:05:00 UTC 2016


Hello OpenSSL Developers,

I understand through your previous announcements that OpenSSL 0.9.8 is no
longer "supported", and no more "security fixes", nor "security updates"
will be provided by OpenSSL.org.


Does this mean that we can expect no more CVEs to be generated or listed
for OpenSSL 0.9.8 also?


Thanks!

Joe

------------------------
"NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR
THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED
(AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER
VERSIONS."

"As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL
versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for
these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade."

per http://openssl.org/news/secadv/20151203.txt.
-------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160112/57d5bc10/attachment.html>


More information about the openssl-users mailing list