[openssl-users] openssl-1.0.2i?

Matt Caswell matt at openssl.org
Wed Sep 14 08:25:12 UTC 2016



On 13/09/16 21:00, Marek Svent wrote:
> Hi,
> 
> 1.0.2h was released four months ago and although several security issues
> worth for CVE number is discovered in it and there has been a lot of
> commits in the 1.0.2 branch fixing other important issues, there is no
> sign of 1.0.2i. Is it planned? Or is 1.1.x focus for development now and
> 1.0.2 users should track a branch which should be treated as constantly
> stable now? Or ... ?

1.0.2 is our Long Term Support branch and continues to be supported. See
this page for our support details:

https://www.openssl.org/policies/releasestrat.html

WRT a new release of 1.0.2, typically we will only do a new release if a
high severity security issue is discovered (or occasionally if there is
a significant bug fix). Low severity defects are published immediately
in git and are made available as part of the next release whenever that
might happen.

In other words, new releases are scheduled on an "as needed" basis as
and when high severity defects are discovered and are typically
announced a few days in advance of the release.

Matt



More information about the openssl-users mailing list